Author Topic: about false alarm  (Read 3412 times)

0 Members and 1 Guest are viewing this topic.

MrBabis

  • Guest
about false alarm
« on: January 23, 2006, 03:23:30 PM »
what should I write in the mail "Subject" and "Body" when I sending file that contains false possetive file?
Do I need to password protect it?

How long time would it take to fix the problem?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89204
  • No support PMs thanks
Re: about false alarm
« Reply #1 on: January 23, 2006, 04:43:56 PM »
Subject - Possible False Positive detection or other suitable words, there is no specific requirement.

Body - Give a brief outline of the problem (possibly a link to this thread, if applicable), the fact that you believe it to be a either a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If you are sending the file from the chest, there is no need to password protect it. If you are sending it from outside the chest, then if you can zip and password protect ('virus', will do) the suspect file, attach it and send it to virus @ avast.com (no spaces).

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.

Time is not something which is fixed but dependent on priorities, but they have been turning round FPs corrections and inclusions of new viruses quicker recently.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48608
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: about false alarm
« Reply #2 on: January 23, 2006, 07:44:41 PM »
MrBabis,
It would also be nice if you gave us a heads up of the possible false positive.
That way if we're using the program in question, it wouldn't be a total surprise.
Thanks
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

MrBabis

  • Guest
Re: about false alarm
« Reply #3 on: January 24, 2006, 01:26:19 PM »
I asking here just in case that it is good to have some samples on what and how mail must look like when it will be send to avast for analyze or for some other requests.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: about false alarm
« Reply #4 on: January 24, 2006, 02:59:55 PM »
Hi MrBabis,

False positives could be a pain in the neck, well in the case of an online scanner that starts to delete false positives right away.
Whenever you are flagged that you have a suspicious file or even a virus alert, you should get informed about the infection before you make an informed decision, that means scan a second time,
make a notepad file with all that is found in these exact wordings,
take a search out on the net and in a virus encyclopedia to see
what you have at hand, and update the file to Jotti or Virustotal to see whether other virusscanners come with a positive also (may it be under another name). If you are sure you have met a false positive, you should forward this like adviced to the AV-vendor to be analyzed anew. We in the forum like to hear on FP's too like Bob3160 says, but it is also important to inform the developer of the file at hand that a FP was found there. If he is a trusted party he is entitled to get a friendly e-mail also.

I must admit that AV-scanner have different attitudes to flagging suspicious files. Some even flag joke files, because they reason it can startle the end-user, so an animated file that threats to f-disk you, is flagged as a joke.file virus and considered to be deleted, while it is still quite harmless computer-wise. Then there are more FPs when you scan heuristically. So always seek a second opinion.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!