Author Topic: NSIS False Positives (Again...)  (Read 1612 times)


REDACTED

  • Guest
NSIS False Positives (Again...)
« on: November 09, 2014, 03:31:59 AM »
Hello,
Avast is again detecting NSIS compiled installers (even ones that have no behavior at all!). The detection is Win32:Evo-gen [Susp]

This is my third post reporting such detections, and while their occurrence did reduce, it's frustrating that Avast is falling back into old habits of making careless detections.

Please make sure that you are making sufficiently targeted detections! These false positives cause massive inconvenience for developers using NSIS to distribute/package their application.

I've tried reporting the false positives via your online form, but I never see any contact back.


Here's a couple scans to show that Avast is the only AV to be making such detections (note that VirusTotal does not show Evo-gen detections for some reason)
https://www.virustotal.com/en/file/5723958910e8a7a2e6b8cc292608ed229e42e835e4d5972d6fae87e63f9dd3bf/analysis/1415500029/
https://www.virustotal.com/en/file/eb6565a453d6ce7461c0b2cd5e9f4dc58d3a67bd34a2b2cc6cbcb796334d635f/analysis/1415500071/


Link to samples: https://www.sendspace.com/file/qbse8j

Password to zip: falsepositives

Offline Pondus

  • Probably Bot
  • Posts: 37581
  • Not a avast user
Re: NSIS False Positives (Again...)
« Reply #1 on: November 09, 2014, 10:32:23 AM »
Quote
  Here's a couple scans to show that Avast is the only AV to be making such detections (note that VirusTotal does not show Evo-gen detections for some reason)   
Because Win32:Evo-Gen [susp] is an on-access detection only and will not show in any scan.