Author Topic: Too many false positives.  (Read 10797 times)

0 Members and 1 Guest are viewing this topic.

crossy

  • Guest
Too many false positives.
« on: August 27, 2005, 02:31:32 AM »

Well, Avast flags 15 programs as various trojans, including some software that I wrote (it's a Luhn key calculator, not a trojan).

Norton is quite happy with them so I'll assume they are false.

I'm loathe to just kill scanning of these files in case they get infected by a REAL virus (when, of course, they would NOT be detected).

Is there any way to mask specific triggers on specific files??

I suspect not, but one can ask :)

Norton is such a resource hog, but at least it works RELIABLY.




Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Too many false positives.
« Reply #1 on: August 27, 2005, 03:00:08 AM »
Is there any way to mask specific triggers on specific files??
Sure, there are actually two exclusion lists: one in program settings, affecting the on-demand scanners, and another one in Standard Shield settings, affecting Standard Shield (i.e. on-access protection) only.
The best things in life are free.

TAP

  • Guest
Re: Too many false positives.
« Reply #2 on: August 27, 2005, 07:25:43 AM »
Norton is such a resource hog, but at least it works RELIABLY.

I'm concerned about Avast's reliability too.  :(

I don't know why Avast has continuously generated too many false positives from time to time, although it has no so-called heuristic detection that may (at least) lead to more false positives.

Once upon a time AVAST32 had promoted as a fast and accurate scanning so users are not distureb by false positives, now it would be good if Avast 4 does that way again, fast and accurate scanning with overall reliability.
« Last Edit: August 27, 2005, 12:48:54 PM by TAP »

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2119
Re: Too many false positives.
« Reply #3 on: August 27, 2005, 12:29:50 PM »
Yes, all these false positives are not a pros for avast! But on the other hand, I had only one false positive on my PC during 6 months...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Too many false positives.
« Reply #4 on: August 27, 2005, 01:19:28 PM »
TAP & Ylap, do you have any file(s) in particular or just chit-chatting?

crossy, please submit the file(s) in question to virus@avast.com .  But Norton is not really a good indicator whether it's really a virus or not - when in doubt, I recommend using an online service like Jotti's http://virusscan.jotti.org


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

TAP

  • Guest
Re: Too many false positives.
« Reply #5 on: August 27, 2005, 01:29:45 PM »
TAP & Ylap, do you have any file(s) in particular or just chit-chatting?

Yes, I had and it already sent to virus@avast.com from time to time and it usually fixed. But I've noticed too many false positives reported on this forum in the last few weeks.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2119
Re: Too many false positives.
« Reply #6 on: August 27, 2005, 01:32:56 PM »
I'm not saying there is a big problem for me. Just many other users complains about it. I had just one file, I've sent it to ALWIL, and it was everything good in the other day. No complains from me.  ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31205
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Too many false positives.
« Reply #7 on: August 27, 2005, 01:39:50 PM »
I send a FP to Alwil 2 days ago. Got a vps update yesterday that fixed it. Also got personal email from Karel thanking me for letting Alwil know about it.

Great job Alwil. Thanks!

To everyone (just some things to keep in mind)
- Every av has fp's from time to time. These things happen.
- Every av will detect things that another doesn't.
- If you don't let the av vendor know if there is something wrong, they can't fix it
- Not really importan, but a nice option. Avast has skins  :D
- If you don't like the av, its detection or whatever.... Get another one you do like. Noone is forcing you to use a certain av
« Last Edit: August 27, 2005, 01:43:11 PM by Eddy »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9407
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Too many false positives.
« Reply #8 on: August 27, 2005, 02:01:18 PM »
Yeah every AV has them,but avast! has them far above the average at the moment.
Anywhere you look in the forum you'll see complaints about false positives,some even repeat (AutoIt/RAR SFX for example,heck if you have problems with one specific thing several times you should check it each time before VPS release)
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Too many false positives.
« Reply #9 on: August 27, 2005, 02:04:29 PM »
I send a FP to Alwil 2 days ago. Got a vps update yesterday that fixed it. Also got personal email from Karel thanking me for letting Alwil know about it.
Thanks Karel for your hard work. But, maybe Alwil could help you with a junior  8)

Still false positives, not corrected (these are AutoIt files made by myself):
- Vps: 0534-4

Virus has been detected!
File Name: chkdsk.exe
FileID: 378
Virus Description: Win32:Agent-BM [Trj]

Virus has been detected!
File Name: avast! Program Download.exe
FileID: 382
Virus Description: Win32:Agent-BM [Trj]

Vlk, where are the surprises you've promissed us?  8)

The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11818
    • AVAST Software
Re: Too many false positives.
« Reply #10 on: August 27, 2005, 02:13:40 PM »
Tech, I asked you to send the files to me - still didn't receive anything...


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Too many false positives.
« Reply #11 on: August 27, 2005, 04:53:27 PM »
Tech, I asked you to send the files to me - still didn't receive anything...
Sorry, I though you've expecting them from the Chest.
I'll send them now. I mean, a group of files to be tested. Not all of them are false positives right now.
The best things in life are free.

smokethapimp

  • Guest
Re: Too many false positives.
« Reply #12 on: August 27, 2005, 07:42:08 PM »
This is a side issue. I am not even sure if it is appropriate for this board, or exactly where it should be posted. Please move it if it should go elsewhere, or let me know if I should post this on some other forum somewhere else.

I greatly appreciate the link to the virusscan.jotti.org link, and I use it frequently before installing a downloaded file. However, it fairly regularly advises me there are "run-time packers" and that the "sandbox emulation took a longer time than normal to run". This is even when all scanners report no malicious files. It even happens with some files that I am pretty sure should be clean.

It usually occurs with .exe type files. Are "packers" normally found in .zip files and/or .exe files? How serious should I take the presence of "packers" when all scans say the file seems to be clean?

Again, if this post is inappropriate or in the wrong place please bear with me. No offense is intended. :)  Thank you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86925
  • No support PMs thanks
Re: Too many false positives.
« Reply #13 on: August 27, 2005, 07:54:27 PM »
Packers are used to compress a file to reduce download time, zip is only one compression method there are many others. Many .exe files that are compressed may be executable zip files so on double clicking the file it automatically un zips/packs into pre-set folders. This saves the user having to do a manual installation of a program.

Packers are a common feature that you will bump into regularly and avast caters for many of the mainstream packers so you should have little to worry about. So you could use the right click context scan ashQuick.exe in explorer to scan your downloads.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

smokethapimp

  • Guest
Re: Too many false positives.
« Reply #14 on: August 27, 2005, 11:14:52 PM »
DavidR, thank you for your response. :)  I did a search on packers but there is often SO much info on Google that it can be difficult to narrow it down properly. BTW, I ALWAYS right Click/Scan a new file with  AVAST! before I install it ;D. That is an excellent feature.

But being on the cautious side I also use the jotti.org multi-scanner on every new program as well. I appreciate Vlk, and I think it was also Bob for pointing out this resource.

I have had very few problems with false positives from AVAST! and I am very grateful for the Free Home Version. ;D