Author Topic: Drep Detection  (Read 28831 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85964
  • No support PMs thanks
Re: Drep Detection
« Reply #15 on: December 19, 2014, 03:29:54 PM »
Something must be satisfying avast!, because it's not currently complaining. (Although Chrome does).

Why chrome would be different is beyond me when other browsers aren't alerting.

Are you sure this is avast alerting in chrome and not something like google safe browsing ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2783
  • Volunteer
Re: Drep Detection
« Reply #16 on: December 19, 2014, 03:59:43 PM »
No, Google Chrome flags the download. ("This file is not commonly downloaded and May be malicious").

Very annoying.
SOC Tier II Analyst - Malware Analysis; Digital Forensics and Incident Response (DFIR); Fortinet Firewall Management; Pentest

Personal security is a mindset, not an application. Think before clicking.

Offline DavidR

Re: Drep Detection
« Reply #17 on: December 19, 2014, 04:22:44 PM »
Quote
No, Google Chrome flags the download. ("This file is not commonly downloaded and May be malicious").

Very annoying.

So avast isn't alerting at all then (only google chrome) which is somewhat off topic, e.g. not a Drep Detection.

Offline avastmobile2

  • Newbie
  • *
  • Posts: 13
Re: Drep Detection
« Reply #18 on: March 05, 2015, 05:59:24 PM »
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.

I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put out as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:

1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.

2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.

3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46298
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Drep Detection
« Reply #19 on: March 05, 2015, 09:09:31 PM »
Quote
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.

I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put out as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:

1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.

2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.

3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.
You could also report this to avast and if found to be clean, the alerts would stop. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline avastmobile2

Re: Drep Detection
« Reply #20 on: March 05, 2015, 10:20:11 PM »
Quote
You could also report this to avast and if found to be clean, the alerts would stop. :)

There are about 60 programs or so that would need to be checked. Also, new ones are added almost weekly, sometimes daily or multiple times a day (new versions of existing programs). It's faster for my clients to temporarily disable Avast (or install a different virus scanner) than having to wait on Avast to clear my programs.

I still have to explain to my clients why Avast is blocking the download. The alert says the program they are trying to download has been blocked because it contains a virus. It doesn't say that it actually blocks the download because it has no idea what it's downloading. There's a huge difference. If the message was more descriptive, and it offered the user the option to download anyway, it wouldn't be as useless as it is now.

Offline bob3160

Re: Drep Detection
« Reply #21 on: March 05, 2015, 10:32:11 PM »
I've reported this to a Moderator. Let's see if we get a comment from Avast. :)

Offline V_S

  • Newbie
  • *
  • Posts: 1
Re: Drep Detection
« Reply #22 on: April 03, 2015, 12:54:30 PM »
Quote
I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.

I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put out as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:

1. The file is not prevalent enough, ie. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.

2. The domain is not prevalent enough, ie. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.

3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.

Create your own Certificate Authority, create and sign your own certificate for all of your software, then Avast has the option to trust your certificate and all of the signed software (or not trust your certificate if anything untoward is found in your software).

As an alternative, you can submit each of your applications to Avast, as well as any updates every time you make changes.

Your own certificate is definitely easier. If you don't have your own Certificate Authority set up, you can always use XCA to create a CA and certificate to sign your applications.

I'm in a similar situation, just not with as many programs, with my own CA and self-signed certificate on all of my programs.

I submitted 2 files when I came across this and this is what I was told:

Quote
The point of Drep is that sometimes viruses are being hosted on hacked sites, which didn't distribute any files. This is a case for Drep, to block those viruses from the start. But we do not want to block legit programs from legit sites, so after a couple of files (or one file a couple of times) were downloaded from a single domain, that domain will not be flagged again ever. This makes sense, as download sites add hundreds of new unique files daily, and of course we do not want to block them.

You can send us the files you will make so we can add them to our cleanset, even before you publish them online... I actually added your cert to the clean list, just to be double sure.
« Last Edit: April 03, 2015, 01:03:07 PM by V_S »
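
The private-CA approach suggested in the reply above, sketched with OpenSSL rather than XCA (an added example, not part of the original posts; the subject names and file names are placeholders). It creates the CA, issues a certificate restricted to code signing, and checks the chain; signing the binaries and having the vendor add the certificate to its clean list are separate steps.

```shell
#!/bin/sh
# Added example: private CA + code-signing certificate with OpenSSL.
# Subject names and file names are placeholders, not values from the thread.

make_codesign_chain() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = placeholder' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$dir/req.cnf"

    # Leaf extensions: not a CA, usable only for code signing.
    printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
        'keyUsage = critical,digitalSignature' \
        'extendedKeyUsage = codeSigning' > "$dir/leaf.ext"

    # 1. Self-signed CA certificate (keep ca.key offline in real use).
    openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 3650 \
        -config "$dir/req.cnf" -extensions v3_ca \
        -subj "/CN=Example Software CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Key and CSR for the signing certificate.
    openssl req -new -newkey rsa:3072 -nodes -sha256 \
        -config "$dir/req.cnf" -subj "/CN=Example Software Publisher" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1

    # 3. CA issues the code-signing certificate (1 year).
    openssl x509 -req -in "$dir/leaf.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/leaf.crt" 2>/dev/null || return 1
}

# Succeeds only if the leaf chains to the CA and carries the Code Signing EKU.
check_codesign_chain() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/leaf.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/leaf.crt" -noout -text | grep -q 'Code Signing'
}
```

A certificate from a private CA is not trusted by anyone by default, which is why the quoted reply still mentions the vendor adding the certificate to its clean list.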