Author Topic: What's with all the new Win32:Evo-gen [Susp] false positives?  (Read 11499 times)


Offline NoelC

  • Poster
  • Posts: 570
I've had a number of false positives show up today in the very same files I've had on my system for a long time.  Specifically:

Win32:Evo-gen [Susp]

Anyone know what sensitivity I can turn down to get past these?

As this is the false positive detection I've seen the most (maybe even exclusively) in all the recent history I can remember easily, maybe it would be nice if this particular heuristic (?) would be specifically configurable?

-Noel

Offline Rich of Apex

  • Newbie
  • Posts: 2
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #1 on: June 22, 2014, 12:54:17 PM »
I have the same problem. Got several hits yesterday. In fact, Win32:Evo-gen [Susp] is the reason that any files at all are in my Virus Chest--some moved there yesterday, some moved there as far back as April 2013. When I extract any of them and re-scan them with Avast, they are reported as clean.

Also annoying: is the link on the virus warning popup the only way to report a false positive in Avast? I don't know if a file has a real virus or is a false positive until I can examine it, compare it with an original, a backup, or a copy on another computer. That takes time--by then the popup is gone.

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • Posts: 27137
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #2 on: June 22, 2014, 12:58:06 PM »
Quote
  When I extract any of them and re-scan them with Avast, they are reported as clean.
Because ( Win32:Evo-gen [Susp] = suspicious ) is an on-access-only detection

You can send files to avast lab from chest....    http://www.avast.com/faq.php?article=AVKB21#

« Last Edit: June 22, 2014, 01:00:33 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline NoelC

  • Poster
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #3 on: June 22, 2014, 04:34:48 PM »
So how can we turn down the sensitivity?

My main goal in life is not necessarily to help Avast refine their database after they've made their detection too aggressive.

-Noel
« Last Edit: June 22, 2014, 04:38:41 PM by NoelC »

Offline spywar

  • Malware Hunter
  • Poster
  • Posts: 441
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #4 on: June 22, 2014, 05:16:50 PM »
Is there a sensitivity setting for Evo Gen only? I don't think so :o

Offline Steven Winderlich

  • Super Poster
  • Posts: 2351
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #5 on: June 22, 2014, 05:17:55 PM »
No, there is no setting.
Windows 8.1 Update 2 64 Bit, Avast Premier 2015 R3 Release Candidate

Offline NoelC

  • Poster
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #6 on: June 22, 2014, 07:40:26 PM »
I hate to have to keep stating the obvious, but...

Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

-Noel

Offline spywar

  • Malware Hunter
  • Poster
  • Posts: 441
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #7 on: June 22, 2014, 07:59:27 PM »
Quote
  I hate to have to keep stating the obvious, but...

  Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

  -Noel
We don't know.

You could make a wish for an option (turned off by default) that allows users to turn off Evo Gen identifications.

Offline NoelC

  • Poster
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #8 on: June 22, 2014, 08:16:17 PM »
Avast!  Consider it so wished!

-Noel