Author Topic: Cygwin SSH service continually caught by behaviour shield  (Read 2594 times)

0 Members and 1 Guest are viewing this topic.

Offline Trafford

  • Newbie
  • *
  • Posts: 2
Cygwin SSH service continually caught by behaviour shield
« on: May 10, 2017, 11:22:45 AM »
Hi, since updating Cygwin to the latest version, sshd.exe (running as a Windows service) is being continually flagged by Avast behaviour shield:

One of your programs is behaving strangely, which could be a sign of malware.
Path: D:\Cygwin\usr\sbin\sshd.exe
Infection: IDP.Generic


If you choose the "Ignore" action, the dialogue box will disappear, but will reappear a short time later.

Support info:
  • Windows Server 2012 R2 Essentials
  • Cygwin openssh version: 7.5p1-1
  • Avast program version: 17.2.2517 (build 17.2.3419.64)
  • Virus definitions version: 170509-4

With thanks in advance,
Rob

Offline Manley

  • Full Member
  • ***
  • Posts: 103
Re: Cygwin SSH service continually caught by behaviour shield
« Reply #1 on: May 10, 2017, 03:29:24 PM »
I know it seems stupid, but Avast is asking all false positives to be reported here: https://www.avast.com/false-positive-file-form.php

They have acknowledged the Behavior Shield isn't great, and submitted reports will help fix issues.

Offline Trafford

  • Newbie
  • *
  • Posts: 2
Re: Cygwin SSH service continually caught by behaviour shield
« Reply #2 on: May 10, 2017, 05:41:29 PM »
Ah, really useful, thanks for your help! ;)
I've submitted the file using the form as suggested.

Best regards,
Rob