Avast Chrome updating alert

[Wittmann]

The attached image shows my normal Chrome updating file, which Avast alerts as being suspect and says that globally it is unheard of.

Why is it that this perfectly valid and regular Chrome update file is being treated like a threat ?

[Pondus]

it is a warning of a new file ..... if you trust it, select action to take at the bottom

[Wittmann]

it is a warning of a new file ..... if you trust it, select action to take at the bottom

I have to trust it. It is the Chrome updater file. If it is blocked. I get no browser update.

Surely Avast can easily ascertain that this file is valid and put it on their white list.

[Pondus]

Surely Avast can easily ascertain that this file is valid and put it on their white list.

yes but since it is new they have to get the new file first, so this warning will go away
VirusTotal - First submission 2015-08-11 15:10:38 UTC ( 2 days, 3 hours ago ) 

arent you happy about avast warning you about new files? ..... what if it was new malware and you got no warning, would you be happy then?


Statistic  https://www.av-test.org/en/statistics/malware/
if you know how to stop 400 000 new malicious files evryday without one False Positive or suspicious warning, then evry AV vendor would like to hear from you

[Wittmann]

yes but since it is new they have to get the new file first, so this warning will go away

Thank you, of course I understand this procedure.

arent you happy about avast warning you about new files? ..... what if it was new malware and you got no warning, would you be happy then?

No need for this terse comment. My Chrome was updated to version 44.0.2403.155 as shown on the alert by this new file. So whilst Avast and the world are in the dark about this Chrome updater file, my Chrome is now bang up-to-date.

Google issued the following bulletin concerning the file in question :-
"Stable Channel Update
The stable channel has been updated to 44.0.2403.155 for Windows, Mac, and Linux.

Krishna Govind
Google Chrome"

[Pondus]

under actions to take ... depending on what you and other select it will get whitelisted or blacklisted

https://blog.avast.com/tag/communityiq/

Community IQ – The largest crowdsourcing in the world

Protection starts with award-winning AVAST technology, but is amplified and improved by the feedback that our huge user base supplies. AVAST uses crowdsourced analysis called Community IQ to identify and isolate malware found in suspicious files and programs. Nearly 200 million devices worldwide automatically detect and report blacklist and whitelist applications and websites, along with tens of thousands of people who regularly provide us with vital information and feedback through the avast! user forum each day.

[DavidR]

Well if you read the image that you posted it will tell you why it arrived at the conclusion that it was considered 'Suspicious' (File Reputation) and not a virus as such.

This file would have only been released, so there would be little history behind it, I also doubt that the file was digitally signed or I believe it would have gone through. If avast also undertook running it to see what it does, some of the actions of an update file could appear suspect.

Again avast isn't making a cast iron 'this is malicious' it is giving a recommendation and allowing you to override it. Given what you know about this being an expected chrome update, you should be able to safely make that determination.

There is also nothing to stop you submitting the file to avast for analysis as an FP.

[Wittmann]

Thanks everybody.

Next time Google Chrome updates and the Avast alert shows, I will take some of the actions you propose. This particular update only occurs when there is a version update, normal automatic browser updates occur every day without any problem.

[Wittmann]

it is a warning of a new file ..... if you trust it, select action to take at the bottom

Well I waited and here it came again. I selected action and found it was no use at all  except to continue the download.

So I  suppose I will have to wait until Avast  and the rest of the world catch up  with Google`s progressive updates.

[DavidR]

it is a warning of a new file ..... if you trust it, select action to take at the bottom

Well I waited and here it came again. I selected action and found it was no use at all  except to continue the download.

So I  suppose I will have to wait until Avast  and the rest of the world catch up  with Google`s progressive updates.

Well it is hardly progressive, if they digitally signed that update file it should get through unmolested.

[Wittmann]

Well it is hardly progressive, if they digitally signed that update file it should get through unmolested.

I find it incredible that a Goliath like Google can issue perfectly valid update files not digitally signed, but nobody is perfect and I guess that is the way the cookie crumbles.

[DavidR]

Well it is hardly progressive, if they digitally signed that update file it should get through unmolested.

I find it incredible that a Goliath like Google can issue perfectly valid update files not digitally signed, but nobody is perfect and I guess that is the way the cookie crumbles.

The problem being there are thousands upon thousands of new malware variants created every day, so they too have no or little history when they first arrive on the scene. So they are going to receive more attention and in this case that has only escalated it to Suspicious not 100% sure malware. So the user does have a decision to make.

Looking at your image again there is something that I find suspicious - that is the use of C:\WINDOWS\system32\svchost.exe to download and handle the update.

If you do a search of the viruses and worms forum for C:\WINDOWS\system32\svchost.exe and you will see just how often this file is misused to download malware.

[REDACTED]

I am receiving the same alert from Avast.   But in my case, when I examine my Chrome browser, Google tells me it is up to date.    So why would I trust this suspicious file that seemingly wants to update an up to date system?

[wscott44]

I have been experiencing the same issue for several months. However, I think it is only on my WinXP laptop and not my Win7 tower.

Perhaps it has something to do with fading support for WinXP. Just guessing.

Wayne