Author Topic: What's with all the new Win32:Evo-gen [Susp] false positives?  (Read 13219 times)


Offline NoelC

  • Poster
  • *
  • Posts: 570
I've had a number of false positives show up today in the very same files I've had on my system for a long time.  Specifically:

Win32:Evo-gen [Susp]

Anyone know what sensitivity I can turn down to get past these?

As this is the false positive detection I've seen the most (maybe even exclusively) in all the recent history I can remember easily, maybe it would be nice if this particular heuristic (?) would be specifically configurable?

-Noel

Offline Rich of Apex

  • Newbie
  • *
  • Posts: 2
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #1 on: June 22, 2014, 12:54:17 PM »
I have the same problem. Got several hits yesterday. In fact, Win32:Evo-gen [Susp] is the reason that any files at all are in my Virus Chest--some moved there yesterday, some moved there as far back as April 2013. When I extract any of them and re-scan them with Avast, they are reported as clean.

Also annoying: is the link on the virus warning popup the only way to report a false positive in Avast? I don't know if a file has a real virus or is a false positive until I can examine it, compare it with an original, a backup, or a copy on another computer. That takes time--by then the popup is gone.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 27781
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #2 on: June 22, 2014, 12:58:06 PM »
Quote
  When I extract any of them and re-scan them with Avast, they are reported as clean.
Because ( Win32:Evo-gen [Susp] = suspicious ) is an on-access-only detection.

You can send files to the avast lab from the chest: http://www.avast.com/faq.php?article=AVKB21#

« Last Edit: June 22, 2014, 01:00:33 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline NoelC

  • Poster
  • *
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #3 on: June 22, 2014, 04:34:48 PM »
So how can we turn down the sensitivity?

My main goal in life is not necessarily to help Avast refine their database after they've made their detection too aggressive.

-Noel
« Last Edit: June 22, 2014, 04:38:41 PM by NoelC »

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 441
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #4 on: June 22, 2014, 05:16:50 PM »
Is there a sensitivity setting for Evo Gen only? I don't think so  :o

Offline Steven Winderlich

  • Massive Poster
  • ****
  • Posts: 2456
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #5 on: June 22, 2014, 05:17:55 PM »
No, there is no setting.
Windows 10 Home 64-Bit, Intel Core i3 5010U 2.1 GHz, 4 GB DDR 3 RAM Single Channel, Intel HD Graphics 5500 (1 GB Video RAM) 1366x768 LED Display Non-Glare

Avast Premier 2015 R3 SP1, MCShield

Offline NoelC

  • Poster
  • *
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #6 on: June 22, 2014, 07:40:26 PM »
I hate to have to keep stating the obvious, but...

Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

-Noel

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 441
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #7 on: June 22, 2014, 07:59:27 PM »
Quote
  I hate to have to keep stating the obvious, but...

  Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

  -Noel
We don't know.

You could make a wish for an option (turned off by default) that allows users to turn off Evo Gen identifications.

Offline NoelC

  • Poster
  • *
  • Posts: 570
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #8 on: June 22, 2014, 08:16:17 PM »
Avast!  Consider it so wished!

-Noel