Hi all,
I think today I whitelisted some files that *might* have been this case, so I hope it is already resolved for you!
I just wanted to clarify a couple of things:
1. If you submit a false positive, we need the file. That is why it is usually better to submit a ticket (
https://support.avast.com/Tickets/Submit) or write to virus@avast.com with subject "false positive file", as someone already suggested. It will help to include a virustotal report. Also, if we have the file (which is usually the case), also a sha256 hash could be enough, but really, the file itself is better:-)
2. As Pondus said previously, Evo-gen technology really only flags the file on access (usually when it is executed). Not when it is moved, copied, or scanned on demand. This is intended behaviour and will not (99.9%) be changed in the future.
3. The forum is a place where users can help users. It won't do any harm to discuss it first here (of course!), but if you want some detection to be disabled - ie. you have evidence that the file is harmless (VT report, you are the creator of the file, major concensus in the forum) - you should use either mail or ticket as the forums aren't read usually by vlab operators themselves, the demigods who have the power to disable detections (yayyy:-D).
Any questions, feedback - let me know via PM!
Honza