Author Topic: false positive ?  (Read 5424 times)


Offline prescient

  • Newbie
  • *
  • Posts: 16
false positive ?
« on: August 01, 2015, 12:09:02 PM »



I downloaded the latest RAR archive from the RAR website:

http://www.rarlab.com/download.htm

WinRAR x64 (64 bit) 5.30 beta 1

It can't be a virus, right? Thanks.


Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1440
Re: false positive ?
« Reply #1 on: August 01, 2015, 01:01:28 PM »
It's definitely a false positive. You can send it to the Avast Virus Lab from the Virus Chest: simply right-click it and you will see an option saying "Submit to virus lab...". The application form then appears, and you follow the instructions as mentioned here: https://www.avast.com/en-nz/faq.php?article=AVKB21
« Last Edit: August 01, 2015, 01:03:41 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home 2004 (OS Build 19041.388), Trend Micro Internet Security 2020 (16.0.1391), Avast SecureLine VPN (5.6.4982), Windows Firewall, Unchecky 1.2

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36931
Re: false positive ?
« Reply #2 on: August 01, 2015, 02:08:07 PM »
Quote
It can't be a virus, right?
Avast detects it as suspicious...... Win32:Evo-gen [ Susp ] = Suspicious

WinRAR x64 (64 bit) 5.30 beta 1 ..... maybe not so strange if the file is new.
First submission 2015-07-30 10:20:20 UTC ( 2 days, 2 hours ago )
https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438429802/

Symantec/Norton also thinks it is suspicious
Advanced heuristic and reputation engines   
Symantec reputation Suspicious.Insight


And next time, use the Viruses and Worms forum section for reporting false positives.
« Last Edit: August 01, 2015, 02:31:51 PM by Pondus »

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1440
Re: false positive ?
« Reply #3 on: August 01, 2015, 02:58:10 PM »
This has been corrected now. No detections from Norton/Symantec. I also see Avast has been corrected. https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438433674/

@prescient: I did a scan of this file with Avast and it didn't detect it as malware or as a suspicious file.
« Last Edit: August 01, 2015, 03:00:38 PM by Staticguy »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36931
Re: false positive ?
« Reply #4 on: August 01, 2015, 03:00:40 PM »
Quote
No detections from Norton/Symantec.
I still see it  ..... if you know where to look    ;)
« Last Edit: August 01, 2015, 03:05:14 PM by Pondus »

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1440
Re: false positive ?
« Reply #5 on: August 01, 2015, 03:06:13 PM »
The link says no detection for Norton/Symantec. Oh well, must be time difference or something else? Glitch maybe? Maybe Norton is still developing a new malware definition to correct this detection? I even downloaded this file and did a scan by avast of this file. Avast says no detection?

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1440
Re: false positive ?
« Reply #6 on: August 01, 2015, 03:07:44 PM »
Quote
No detections from Norton/Symantec.
I still see it  ..... if you know where to look    ;)

"I still see it... if you know where to look ;)". Oh well, you're the expert, not me. If it still says so, then it is very true :)

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1440
Re: false positive ?
« Reply #7 on: August 01, 2015, 03:08:48 PM »
LOL Pondus, I see it. It's under "Additional Information"... Finally I'm an expert already :P

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36931
Re: false positive ?
« Reply #8 on: August 01, 2015, 03:17:58 PM »
Quote
I also see Avast has been corrected.
Maybe / maybe not ..... it depends how the  Win32:Evo-gen [ Susp ]  was detected.

This used to be an on-access detection only and was never visible on a VT scan; this has changed. Since this is not visible on VT, it could be an on-access detection, or it is fixed.



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84597
  • No support PMs thanks
Re: false positive ?
« Reply #9 on: August 01, 2015, 05:13:39 PM »
Quote
This has been corrected now. No detections from Norton/Symantec. I also see Avast has been corrected. https://www.virustotal.com/en/file/37879c264ca3d22cbc0ea061b98f4f61ea20127718855c9a6f908bd7b9f24344/analysis/1438433674/

@prescient: I did a scan of this file with Avast and it didn't detect it as malware or as a suspicious file.

There are many detections that will only be detected by the resident scanner and not the on-demand scanner. Since VT is only using on-demand scanning, some might not show up/be detected.

Those detections which are checked against the avast cloud or by deepscreen or possibly HIPS detection, may not be seen/detected by on-demand scans.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline prescient

  • Newbie
  • *
  • Posts: 16
Re: false positive ?
« Reply #10 on: August 01, 2015, 10:41:47 PM »
I didn't want to download the beta ::)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84597
  • No support PMs thanks
Re: false positive ?
« Reply #11 on: August 01, 2015, 11:02:25 PM »
Quote
I didn't want to download the beta ::)

This has nothing to do with this topic.

But to clarify, you get a beta build if you have downloaded and installed a beta version previously. Currently there is no beta trial/version in progress.

I suggest you start your own new topic and expand on your single sentence.

Offline prescient

  • Newbie
  • *
  • Posts: 16
Re: false positive ?
« Reply #12 on: August 02, 2015, 01:15:30 PM »
What are you talking about?

This is my thread, and I was commenting that the file I downloaded was a beta .. that is why it wasn't updated yet.
When I first downloaded it, I thought I'd better get the release one, but then I installed the beta anyway.
I don't like beta s/w anyway unless I have to.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84597
  • No support PMs thanks
Re: false positive ?
« Reply #13 on: August 02, 2015, 04:08:13 PM »
Exactly what it said, based solely on your post, which I quoted and replied to.

Quote
I didn't want to download the beta ::)

Your topic or not, I hadn't got a clue what you were referring to, avast or what, which is why I sought clarification.

Offline prescient

  • Newbie
  • *
  • Posts: 16
Re: false positive ?
« Reply #14 on: August 03, 2015, 08:14:00 PM »
So I can save you now:
my English is under the level of normal communication, sorry.