« previous next »
Pages: [1]   Go Down

Author Topic: Annoying false positives: Win32-Evo-gen [Susp]  (Read 3104 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Annoying false positives: Win32-Evo-gen [Susp]
« on: December 17, 2015, 05:37:51 PM »
This is getting really annoying now, and i am considering going back to avira just for this one issue:

The false positive heuristics is way to aggressive, e.g. with this line in my c# project
Code: [Select]
MessageBox.Show("Test", "Caption", MessageBoxButtons.OKCancel);avast is happy, however when i want to grab the result (which button was pressed)
Code: [Select]
var result = MessageBox.Show("Test", "Caption", MessageBoxButtons.OKCancel);uppon compilation avira (latest version as of 17th december 2015) reports that my executable is infected with Win32:Evo-gen [Susp] and only lets me chose between blocking actions (move to virus container, delete, prevent access) and there is no ignore-this-false-positive option!

This is just one of 50 times i have gotten this annoying false positive because of bad heuristics. Please fix this.

See https://ideone.com/XO92Bm
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Annoying false positives: Win32-Evo-gen [Susp]
« Reply #1 on: December 17, 2015, 05:46:37 PM »
Quote
uppon compilation avira (latest version as of 17th december 2015)
Unless you mean avast, talk to avira.
Latest avast version is not from 17th december, but from 1st december
https://forum.avast.com/index.php?topic=179855.0

It is not a false positive since it isn't detected as malware.
Win32:Evo-gen [Susp], avast says it is suspicious, not malicious.

Why not simply set a exclusion for your working folder ?
Logged

REDACTED

  • Guest
Re: Annoying false positives: Win32-Evo-gen [Susp]
« Reply #2 on: December 17, 2015, 05:57:39 PM »
Quote
Unless you mean avast, talk to avira.
Yes, i meant avast of course.  ;)

Quote
Latest avast version is not from 17th december, but from 1st december
"With latest virus signatures files available, AS OF today, the 17th of december."

Quote
Why not simply set a exclusion for your working folder ?
Or you could improve your product.
Edit: So your solution is to disable the product, rather than fixing the issue in the first place.
« Last Edit: December 17, 2015, 05:59:53 PM by triedl23 »
Logged

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Annoying false positives: Win32-Evo-gen [Susp]
« Reply #3 on: December 17, 2015, 06:29:51 PM »
Latest VPS (signatures) is not the same as latest avast ;)

It is not my product.
I'm just one of the many users of avast and one of the few(?) who is trying to help other users here.

I suggest you submit a sample to avast so they can have a look at it :
https://www.avast.com/contact-form.php?subject=VIRUS-FILE

No, I did not say to disable avast.
I suggested to add a exclusion for your development folder.
Logged
Pages: [1]   Go Up
« previous next »