False Positive starting July 31: Avast prevents commercial programs from running

[REDACTED]

I am a software developer for a commercial software program. Yesterday and today (July 31 and August 1) so far we have received 9 emails or phone calls from customers who can no longer run our software because Avast has detected our software as potentially having a virus. The software programs are the Kepler and Sirius software programs and our website is www.AstroSoftware.com. A message appears that file astcalc.dll might be a problem (this is a file in the application folder) and we can remove the quarantine but then we get messages about other files and there are thousands of files. All we can do is remove Avast. Some customers have already changed to another virus protection program.

Our software is so independent of the windows registry , etc. that you can copy the entire folder to a memory stick, put the memory stick in another windows computer and run the application on another computer. Of course there are no viruses or malware. Why Avast has suddenly decided our software may contain viruses is a mystery to me. I suggest correcting this soon as these people are changing to alternative virus protection programs. We have never had this problem with any virus protection program before and the first version of our application was released in the 1980's.

[Pondus]

Have you just updated the program? ....... guessing it is detected as Suspicious Win32:Evo-gen [Susp]

Video: Excluding certain files/folders from scanning by avast! Antivirus   http://www.avast.com/faq.php?article=AVKB107#artTitle

[Pondus]

You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21

[Para-Noid]

You failed to mention if the affected software is in beta testing or a "final" product.
If it's a final release contact avast using this form http://www.avast.com/contact-form.php

We are users and do not work for avast. The best thing is to use the above form and
contact avast directly.

Pondus...I get the feeling that it's their end users who are having issues.
            And the main issue is that their customers may be getting false positives.
            By contacting avast they will be able to pinpoint the problem area.
           

[REDACTED]

Sorry to hear Avast is improperly blocking your software.

1.  You can report the false positive and suggest that your users do so.  Avast does respond to that feedback.

2.  You might want to consider asking your users add an exclusion rather than remove their chosen antivirus software. 

I'd suggest working out a specific set of instructions you can provide to them as a concise yet thorough step by step guide.  Bear in mind most users are not particularly savvy about operating the complexities of the Avast user interface, so you'll have to be thorough and clear.

Best of luck.

-Noel

[REDACTED]

This is a final product. We have not updated the program recently. Most customers have had the program installed on their computer for a few years.

[REDACTED]

Thank you very much for all the help!

I will use the link to notify Avast. I am not familiar with Avast but one of our tech support people can get on their computers and try to figure out how to set our software as an exception.

[REDACTED]

BTW, I did go to http://www.avast.com/contact-form.php earlier today and reported the problem there as well, and I decided to post on this forum as well to try to expedite this.

[Para-Noid]

You have the option, as pointed out by Pondus, of sending the file to virus@avast.com
in a password protected zipped file. Password protect using your choice of subject.

[REDACTED]

Para-Noid, thank you for the reminder and clarification about this. Avast is quarantining all of the files in the application folder and there are thousands of files but I will send one of them in a password protected zip file.

[REDACTED]

Wow, all the files?  I almost can't imagine that it would do that, I've certainly never seen it.  With the false positives I've ever seen (only a few) it's only picked on one file.

Sounds like you'll want to have your customers exclude the whole folder.

By the way, if you can reproduce the problem yourself you should submit the files that it detects to the other online checkers to ensure you somehow don't have some kind of unforeseen malware latching onto your files.

-Noel

[REDACTED]

I can pretty much guarantee that there isn't any malware attaching to the files. We are now up to 16 users (these are individuals living in different parts of the USA and with their own home computers with various versions of Windows) who have reported the problem since yesterday, we have been selling the software for over 30 years, most of these 16 users installed their programs years ago, did not make any changes to their computers in the past few weeks and have not updated our software in a very long time. We have thousands of customers and I have a feeling that this weekend and next week we will be getting more reports of this problem. I don't know what percent of our customers have the Avast program but it looks like I will soon find out!

Sorry, I was wrong about all of the files being blocked. I am not in the tech support department and I just talked to the tech support person to clarify and I was wrong about all of the files being blocked. Only a few get blocked but some folders within our application folder were removed by Avast (!) so the customer has to re-install our program even if these files are unblocked. This was true for 3 people that the tech support person worked with today. For now we are just telling the customers to remove Avast, get a different virus protection program, and re-install our software and that is what they are doing. Many customers rely on our software for their businesses and they can't live without the software and this is the fastest and simplest thing to do until we can figure out how to get Avast to work with our software. I know this is drastic but the users need to get up and running ASAP. Note that all of these problems started suddenly yesterday and the software has been available in various versions for over 30 years never had problems with Avast until yesterday (July 31).

I emailed one of the files to virus@avast.com and I filled out an online form but have not gotten a response from Avast yet other than in this forum thread.

Thanks to all for your help.

[REDACTED]

For now we are just telling the customers to remove Avast, get a different virus protection program, and re-install our software and that is what they are doing. Many customers rely on our software for their businesses and they can't live without the software and this is the fastest and simplest thing to do until we can figure out how to get Avast to work with our software

That is, of course, entirely up to you, but I know if I were an end-user and a company told me I needed to throw out my chosen antivirus software I'd think twice about it.

It really isn't difficult to develop a procedure where you instruct a customer how to exclude your program installation folder.

But of course it's entirely up to you.

-Noel

[REDACTED]

NoelC, thank you for the suggestions. Yesterday we excluded our software within Avast for one of our customers and still had the problem. Perhaps we did not set the exclusion property properly and we can try this again.

I received a response from Avast and evidently the problem should not occur in the future in regards to the files I sent for their analysis, at least not in the immediate future. They also recommended that I use a digital signature to avoid problems with Avast in the future. I had not digitally signed our .exe and .dll files yet because it didn't seem critically important (given all of the other competing high priority issues we deal with every day) and I never encountered a problem like this before with any virus protection program, but I will do this ASAP to prevent similar problems in the future.

[Milos]

Hello,
which way did you use to report false positive? Use https://support.avast.com/, please.

Milos