Author Topic: pivot.sys from PortraitDisplays as a false positive (Read 3522 times)

m.massimo · « **on:** September 16, 2013, 08:18:35 PM »

I'm running Avast 8.0.1497 on XP-SP3 machine with a Samsung display rotated 90° and using PivotPro from PortraitDisplay v.7.61 to do that (OEM). A couple of days ago Avast started to delete pivot.sys from system32/drivers causing a real mess in my display setup. The file was identified as a malware but was clearly a false positive. I was forced to reinstall a recent Reflect image to have the system properly working and disable automatic definition file update in order to maintain 130907-0 that works smooth. Placing the pivot.sys file in Global Exclusion do not solve the problem.
Anyone else?

Milos · « **Reply #1 on:** September 16, 2013, 09:47:47 PM »

Hello,
send us (virus@avast.com) the file to analyze, please. Put "False positive" to email subject.

Milos

dark_skeleton · « **Reply #2 on:** September 16, 2013, 09:57:19 PM »

I have a similar problem, except Avast deleted all my startup executables (like mouse, keyboard drivers, defrag, dropbox, truecrypt, firewall etc). So, in a way, you're actually lucky

As Milos said, send them those files, but for now I'd recommend uninstalling your avast and installing the previous version (I think it was .1489)

m.massimo · « **Reply #3 on:** September 17, 2013, 08:01:10 AM »

Quote from: Milos on September 16, 2013, 09:47:47 PM

Hello,
send us (virus@avast.com) the file to analyze, please. Put "False positive" to email subject.

Milos

Just done, thanks

m.massimo · « **Reply #4 on:** September 17, 2013, 08:05:36 AM »

Quote from: dark_skeleton on September 16, 2013, 09:57:19 PM

As Milos said, send them those files, but for now I'd recommend uninstalling your avast and installing the previous version (I think it was .1489)

I suspect the misbehaviour is not related to program version but to definition file. I'm currently running 8.0.1497 with 130907-0 with no problem, as before.

dark_skeleton · « **Reply #5 on:** September 17, 2013, 10:20:55 AM »

I hope it's true, but I had already survived 3 definition file updates and it still kept deleting files.

Milos · « **Reply #6 on:** September 17, 2013, 10:33:45 AM »

Quote from: dark_skeleton on September 17, 2013, 10:20:55 AM

I hope it's true, but I had already survived 3 definition file updates and it still kept deleting files.

Hello,
did you send the files to virus@avast.com to analyze?

Milos

dark_skeleton · « **Reply #7 on:** September 17, 2013, 10:59:42 AM »

Yes of course

I have created a separate topic here for my case and have gotten quite a few responses and hints, received no answer as to why this could've happened (except for "for some reason, it treats those unrelated files as a virus"), and what is avast doing to prevent such cases and deletions in the future.

I am now running newest avast with newest AVS and so far so good.

m.massimo · « **Reply #8 on:** September 28, 2013, 11:51:29 AM »

An update

I manually updated the definition file this morning (after a Reflect partition image just to avoid any hassle) just to see if the problem I encountered with pivot.sys from Portrait Displays was fixed.
The definition file is 928-0 now and the pivot.sys is not recognized as a malware anymore (927.1 was good as well).

Author Topic: pivot.sys from PortraitDisplays as a false positive (Read 3522 times)

m.massimo

pivot.sys from PortraitDisplays as a false positive

Milos

Re: pivot.sys from PortraitDisplays as a false positive

dark_skeleton

Re: pivot.sys from PortraitDisplays as a false positive

m.massimo

Re: pivot.sys from PortraitDisplays as a false positive

m.massimo

Re: pivot.sys from PortraitDisplays as a false positive

dark_skeleton

Re: pivot.sys from PortraitDisplays as a false positive

Milos

Re: pivot.sys from PortraitDisplays as a false positive

dark_skeleton

Re: pivot.sys from PortraitDisplays as a false positive

m.massimo

Re: pivot.sys from PortraitDisplays as a false positive