Author Topic: Avast suspect a program I just made (Read 2878 times)

vsub · « **on:** June 08, 2013, 01:19:44 AM »

Win32:Evo-gen [Susp]
What can I do in this case...no matter how I add the file to the exclusion list,the moment I try to run the file or extract it from archive,it automatically move the file to the chest.

It's AutoHotkey script that does few things with cmd and one other command line program(extracting images from videos)

If I remove this line from the code(which is actually one of the important ones),then it's ok

Quote

Run,%ComSpec% /k ""%MTN%" "%Line%" "-P" "-h 0" "-a" "1`,2700" "-c 7" "-r 6" "-w 1024" "-g 5" "-j 80" "-b" "0`,70" "-D 0" "-L 4:2" "-k" "ffffff" "-F" "ffffff:0:arialbi.ttf:ffffff:000000:12" "-o .jpg" "-i" "-v" -O "%A_Temp%\VThumbnails" 1>"%stdoutFile%" 2>"%stderrFile%" ",,Hide

avast@@dvantage77.com · « **Reply #1 on:** June 08, 2013, 02:36:54 AM »

Sometimes there are multiple shields at play here, and unless you are using avast! 8, there is no global exclusion list.

In version 7 (Endpoint included) I have had to exclude from File System Shield and Behavioral Shield.

Turn off all shields, and test, then turn them on one by one and test to identify which shields are the culprits.

Set Behavioral Shield, and AutoSandbox to "ASK" This will make it easier to figure out. And let me know what you find out, please!

Cheers,

J.R. "AutoSandbox Guy" Guthrie

vsub · « **Reply #2 on:** June 08, 2013, 07:14:41 AM »

The problem is the File System Shield and the only way to make him exclude the program is to exclude the whole directory where the file is.

PS.I'm using Avast Free...the newest official version.

Milos · « **Reply #3 on:** June 08, 2013, 08:35:44 AM »

Quote from: vsub on June 08, 2013, 01:19:44 AM

Win32:Evo-gen [Susp]
What can I do in this case...no matter how I add the file to the exclusion list,the moment I try to run the file or extract it from archive,it automatically move the file to the chest.

It's AutoHotkey script that does few things with cmd and one other command line program(extracting images from videos)

If I remove this line from the code(which is actually one of the important ones),then it's ok
Quote
Run,%ComSpec% /k ""%MTN%" "%Line%" "-P" "-h 0" "-a" "1`,2700" "-c 7" "-r 6" "-w 1024" "-g 5" "-j 80" "-b" "0`,70" "-D 0" "-L 4:2" "-k" "ffffff" "-F" "ffffff:0:arialbi.ttf:ffffff:000000:12" "-o .jpg" "-i" "-v" -O "%A_Temp%\VThumbnails" 1>"%stdoutFile%" 2>"%stderrFile%" ",,Hide

Hello,
send the compiled .exe to virus@avast.com, put "False positive" to email subject or use http://www.avast.com/contact-form.php

Milos

vsub · « **Reply #4 on:** June 08, 2013, 09:06:24 AM »

Sended.

vsub · « **Reply #5 on:** June 10, 2013, 12:53:04 PM »

So should I think that something is done to the virus definitions because now I don't get a warning anymore when I compile\run the exe?

DavidR · « **Reply #6 on:** June 10, 2013, 01:40:56 PM »

That would be a reasonable assumption that the Win32:Evo-gen [Susp] signature has been tweaked.

Author Topic: Avast suspect a program I just made (Read 2878 times)

vsub

Avast suspect a program I just made

avast@@dvantage77.com

Re: Avast suspect a program I just made

vsub

Re: Avast suspect a program I just made

Milos

Re: Avast suspect a program I just made

vsub

Re: Avast suspect a program I just made

vsub

Re: Avast suspect a program I just made

DavidR

Re: Avast suspect a program I just made