I just stumbled upon this "feature" also. And I think it's stupid. Let me explain why.
I'm a small software business. I create specialized software which will be used only by a small group of people. I also create other software which I either put out as freeware or as shareware. My problem is that all my users who are using Avast are unable to download my software from my website. Because it doesn't meet any of the requirements:
1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet
Of course it's not prevalent enough. In case of the specialized software, only a handful of people will download it. In case of newly released freeware/shareware, no-one has downloaded it yet.
2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet
Same as above.
3. The file is not signed or Avast does not trust the signature.
I'm not going to spend extra money to get a trusted certificate just to satisfy a virus scanner. In fact, it would be easier for me to tell my clients to simply use another virus scanner instead. Which BTW is what I'm doing now.
Create your own Certificate Authority, create and sign your own certificate for all of your software, then Avast has the option to trust your certificate and all of the signed software (or not trust your certificate if anything untoward is found in your software).
As an alternative, you can submit each of your applications to Avast, as well as any updates every time you make changes.
Your own certificate is definitely easier. If you don't have your own Certificate Authority set up, you can always use XCA to create a CA and certificate to sign your applications.
I'm in a similar situation, just not with as many programs, with my own CA and self-signed certificate on all of my programs.
I submitted 2 files when I came across this and this is what I was told:
The point of Drep is that sometimes viruses are being hosted on hacked sites, which didn't distribute any files. This is a case for Drep, to block those viruses from the start. But we do not want to block legit programs from legit sites, so after a couple of files (or one file a couple of times) were downloaded from a single domain, that domain will not be flagged again ever. This makes sense, as download sites add hundreds of new unique files daily, and of course we do not want to block them.
You can send us the files you will make so we can add them to our cleanset, even before you publish them online... I actually added your cert to the clean list, just to be double sure.
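The private CA and signing certificate suggested in the reply above can also be built from the command line. This is an added example, not code from the thread or from Avast; it uses OpenSSL instead of XCA, and the subject names, file names and the `BITS` variable are placeholders chosen for the illustration.

```bash
#!/usr/bin/env bash
# Added example: private CA plus a code-signing certificate, OpenSSL 1.1.1+.
# Subject names and file names are placeholders, not values from the thread.
set -eu
BITS=${BITS:-3072}

build_pki() {   # $1 = existing output directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Software CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_codesign]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = codeSigning
EOF
  # 1. Self-signed root. Keep ca.key offline: it can issue further signers.
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey "rsa:$BITS" \
    -nodes -sha256 -days 3650 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # 2. Key and CSR for the certificate that signs releases.
  openssl req -new -config "$d/pki.cnf" -subj "/CN=Example Software Publisher" \
    -newkey "rsa:$BITS" -nodes -keyout "$d/sign.key" -out "$d/sign.csr" 2>/dev/null
  # 3. Root issues the leaf: code signing only, and not a CA itself.
  openssl x509 -req -in "$d/sign.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -extfile "$d/pki.cnf" -extensions v3_codesign \
    -sha256 -days 365 -out "$d/sign.crt" 2>/dev/null
  chmod 600 "$d/ca.key" "$d/sign.key"
}

chains_to() {   # $1 = CA cert, $2 = leaf cert; succeeds only if leaf chains to CA
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
is_codesign_only() {   # $1 = cert; succeeds for a non-CA code-signing cert
  t=$(openssl x509 -in "$1" -noout -text)
  echo "$t" | grep -q "Code Signing" && echo "$t" | grep -q "CA:FALSE"
}

demo=$(mktemp -d)
build_pki "$demo"
chains_to "$demo/ca.crt" "$demo/sign.crt" && is_codesign_only "$demo/sign.crt" \
  && echo "sign.crt chains to ca.crt and is limited to code signing ($demo)"
```

Signing the executable itself with `sign.key` and `sign.crt` is done with the platform's signing tool. A signature made this way is trusted only where `ca.crt` or the signing certificate has been added to the trusted list, which is what the quoted Avast reply did for the poster's certificate.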