Author Topic: False alarms - How to overrule Avast  (Read 3675 times)

0 Members and 1 Guest are viewing this topic.

paul85

  • Guest
False alarms - How to overrule Avast
« on: August 03, 2013, 10:43:34 PM »
Hi.  Avast! sends up alarms when I open programs I have used for years.  Today it shut my computer down when I tried to open Adobe Photoshop Elements.  When it does this, how do I over-rule Avast.  I need to use my ELEMENTS, but Avast won't let me.  Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: False alarms - How to overrule Avast
« Reply #1 on: August 04, 2013, 12:03:17 AM »
Confirm, report, correct.

You don't say what the file name, location and malware name were ?

Anything that you consider a false positive (the only real reason for restoration), shouldn't just be ignored, restored or excluded from scans (avast), that is shooting the messenger rather than treating the problem.

Confirm by examination (virustotal) that it is indeed an FP, if so send the sample for analysis and correction of the detection signature plus inclusion in a signature update. This helps all avast users.
~~~~
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select 'Extract' it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.

@@@@
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Settings, Exclusions, Add and
avastUI > Settings > Global Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avastUI > Settings > Global Exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security