Author Topic: Too many false positives.  (Read 10800 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86949
  • No support PMs thanks
Re: Too many false positives.
« Reply #15 on: August 28, 2005, 12:22:56 AM »
Happy to help, I don't recall having any false positives with avast! nor any infections either.

Lucky I guess, I don't think so, practice safe hex, your AV should be a backup to your brain and common sense.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9407
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Too many false positives.
« Reply #16 on: August 28, 2005, 12:48:05 AM »
Sorry,but that shouldn't be an excuse for bunch of false positives and average detection rate...
Visit my webpage Angry Sheep Blog

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11818
    • AVAST Software
Re: Too many false positives.
« Reply #17 on: August 28, 2005, 01:06:41 AM »
I greatly appreciate the link to the virusscan.jotti.org link, and I use it frequently before installing a downloaded file. However, it fairly regularly advises me there are "run-time packers" and that the "sandbox emulation took a longer time than normal to run". This is even when all scanners report no malicious files. It even happens with some files that I am pretty sure should be clean.

It usually occurs with .exe type files. Are "packers" normally found in .zip files and/or .exe files? How serious should I take the presence of "packers" when all scans say the file seems to be clean?.

That's actually a good question - with no satisfactory answer.
You can be quite sure that e.g. Microsoft executables or libraries are not packed by any executable packer. The same would be true for many "big" applications (e.g. Adobe ones?). However, many authors use executable packers as some kind of protection (especially for shareware tools). Some people use rather paranoid packers (so that, for example, the program wouldn't run in presence of a system debugger) even for freeware stuff, no idea why.
So, you should be really suspicious if you find a DLL, named like a Microsoft one, in your system folder; on the other hand, it's rather common for shareware application executables. The "suspiciousness" also depends on the particular type of executable packer used.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Too many false positives.
« Reply #18 on: August 28, 2005, 01:09:29 AM »
Sorry,but that shouldn't be an excuse for bunch of false positives and average detection rate...
Oh, yeah, you're right.
I'd rather be false positives than poor detection rate anyway...
Let's pray for the time when we got the #1 in detection/submition antivirus rate...  8)
The best things in life are free.