AVAST keeps blocking a trusted program

[DavidR]

There are 17 logs in that file?

It is likely that it was the FileSystemShield.txt in the avast\report folder (not the avast\log folder).

Can you attach a screenshot of the avast alert, is it possible that it could be running other files, not necessarily in the G: drive.

The screenshot will help us understand exactly what avast is complaining about and crucially what the malware name given.  It is possible that running an executable from what may be considered an external drive is suspicious to avast, that's where the screenshot may help understand why.

[REDACTED]

well the path of the file is g:\pilite10.exe and the exclusion does not work

[DavidR]

Sorry but the screenshot is likely to give the extra information that isn't present in this topic already.

[REDACTED]

when I hit insert image, all it does is put the work in the message??

[REDACTED]

  It only puts the word Image in the message box .... does not bring up anything for me to upload the picture??

[REDACTED]

here it is

[DavidR]

Whilst it is hard to read, the Object being the pilite10.exe file, Win32:Malware-Gen is I believe the malware name, but what I can't read is what the avast Process is that is launching it. That would seem strange as avast would be the detecting agent not launching it. Unless this is avast scanning removable drives if there is any file activity (a little like autorun.inf files)

The alert is flagged when the drive is attached, as I suspected before running an executable from a removable/external device.

As for the exclusion, seeing it is for an external drive I don't know if having the drive listed as G:\ is the way to go, given drive letters are assigned at the time of connection by windows. Perhaps you should give ?:\pilite10.exe in the exclusion. The ? is a single character wildcard, so it wouldn't matter if the drive letter changed.

Where did you enter the exclusion ?
In the avastUI > Settings > General - scroll down and expand Exclusions > and enter it in the File Paths to exclude.

[REDACTED]

The process that comes up is:

c:\program files\Avast software\avast\avastsvc.exe

I am entering the exclusion via the Avast control center under exclusions.  I also took your advice and changed the exclusion to ?:\pilite10.exe and that did not solve the problem.  I even tried unplugging the label maker from the computer, waiting 30 minutes and seeing if that changed anything.  AVAST is still not allowing the label maker file to execute.

[REDACTED]

The top part of the popup reads

Object

G:\ptlite10.exe

Infection

win32:malware - gen

[DavidR]

OK, unfortunately I'm out of ideas on why the exclusion isn't working, it is almost as if avast has scanned it before even referencing the exclusion.

With the process "c:\program files\Avast software\avast\avastsvc.exe" for me is a bit of a weird one as it shouldn't actually be launching anything. As I mentioned this really is an issue with external drives as avast is geared up to scan USB stick drives when connected, as far as I'm aware it is looking for any instance of autorun.inf. If it found one it would then look for files that would be run by that and avast would scan those.

Have you ever submitted this file from the avast chest (as a false positive) ?

[REDACTED]

I have submitted it four times and have not heard a peep from AVAST ......

[DavidR]

Generally you won't get a response, the first you normally know is when it is no longer detected in the virus chest, if you are periodically scanning it there.

You don't say how you submitted it ?
Generally I would submit from the virus chest, right click on the file and select submit to virus labs...

You can also try submission from the support ticket side - https://support.avast.com/support/tickets/new?form=3 that allows for the attachment of a file.

[REDACTED]

When the virus (false positive) is detected, there is a link at the bottom of the pop-up.  I click on that and it gives the submission form. 

[Milos]

Hello,
which way did you use for submit? Did you use http://support.avast.com/ ? Can you post Virustotal link of the detected file so we can find it, please?

Milos

[REDACTED]

I posted it off of the link that is at the bottom of the popup that comes up when I turn on my label maker.  I click on the link and it gives me a form to fill out.  I filled it out four times.  I do not understand what you mean by "post Virustotal link"  Here is what comes up when I get the virus warning.  I don't know what else to give you.

Object

G:\ptlite10.exe

Infection

win32:malware - gen

process

c:\program files\Avast software\avast\avastsvc.exe

The Ptlite10.exe is the program that runs my label maker. 

I even unplugged it and tried it on my other computer which is protected by AVAST and I get the same message.  If there is something else I need to send you, please let me know.