Author Topic: What's with all the new Win32:Evo-gen [Susp] false positives?  (Read 26374 times)

REDACTED

  • Guest
I've had a number of false positives show up today in the very same files I've had on my system for a long time.  Specifically:

Win32:Evo-gen [Susp]

Anyone know what sensitivity I can turn down to get past these?

As this is the false positive detection I've seen the most (maybe even exclusively) in all the recent history I can remember easily, maybe it would be nice if this particular heuristic (?) would be specifically configurable?

-Noel

Offline Rich of Apex

  • Newbie
  • Posts: 2
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #1 on: June 22, 2014, 12:54:17 PM »
I have the same problem. Got several hits yesterday. In fact, Win32:Evo-gen [Susp] is the reason that any files at all are in my Virus Chest--some moved there yesterday, some moved there as far back as April 2013. When I extract any of them and re-scan them with Avast, they are reported as clean.

Also annoying: is the link on the virus warning popup the only way to report a false positive in Avast? I don't know if a file has a real virus or is a false positive until I can examine it, compare it with an original, a backup, or a copy on another computer. That takes time--by then the popup is gone.

Offline Pondus

  • Probably Bot
  • Posts: 37506
  • Not a avast user
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #2 on: June 22, 2014, 12:58:06 PM »
Quote
  When I extract any of them and re-scan them with Avast, they are reported as clean.
Because ( Win32:Evo-gen [Susp] = suspicious ) is an on-access-only detection.

You can send files to avast lab from chest....    http://www.avast.com/faq.php?article=AVKB21#

« Last Edit: June 22, 2014, 01:00:33 PM by Pondus »

REDACTED

  • Guest
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #3 on: June 22, 2014, 04:34:48 PM »
So how can we turn down the sensitivity?

My main goal in life is not necessarily to help Avast refine their database after they've made their detection too aggressive.

-Noel
« Last Edit: June 22, 2014, 04:38:41 PM by NoelC »

REDACTED

  • Guest
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #4 on: June 22, 2014, 05:16:50 PM »
Is there a sensitivity setting for Evo Gen only ? I don't think  :o

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • Posts: 3645
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #5 on: June 22, 2014, 05:17:55 PM »
No, there is no setting.

REDACTED

  • Guest
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #6 on: June 22, 2014, 07:40:26 PM »
I hate to have to keep stating the obvious, but...

Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

-Noel

REDACTED

  • Guest
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #7 on: June 22, 2014, 07:59:27 PM »
Quote
  I hate to have to keep stating the obvious, but...

  Why is there no setting for this particular detection, which is the only false positive (actually the only detection) I ever see?

  -Noel
We don't know.

You could make a wish for an option (turned off by default) that allows users to turn off Evo Gen identifications.

REDACTED

  • Guest
Re: What's with all the new Win32:Evo-gen [Susp] false positives?
« Reply #8 on: June 22, 2014, 08:16:17 PM »
Avast!  Consider it so wished!

-Noel