Author Topic: Regarding the recent increase in false virus detections in the AVG client  (Read 2496 times)

Offline Jeff.S

  • Avast team
Hi Everyone,

We have questions about why there have been more false detections than usual in the past few months. We want to keep our customers and partners informed as to what can cause a false detection. Our Antivirus application uses multiple methods for identifying malware and other threats. One of the primary methods of threat detection uses static definitions. These definitions use hash values and other semantic knowledge to summarize a file or process's contents. In the past few months there has been a significant increase in the rate of Microsoft signed files being detected in particular, which coincides with changes to the way they sign files. Our static definitions check this signature, and because the new signature style does not match our static definitions, this sometimes results in a false detection.

There are other factors beyond the Microsoft signature that have also contributed to the recent increase in the number of false detections, but most occur under similar circumstances. We do also have some advice regarding what to do when an infection is detected that we recommend our customers and partners follow before contacting our technical support team. First, we recommend going to virustotal.com and submitting a copy of this file to be scanned. Avast is a partner of VirusTotal, which scans submitted files against multiple Antivirus applications in order to determine whether the file is safe. In these cases you can check which Antivirus applications, and how many, detect the file as infected to determine if that file may be a false positive. After uploading to VirusTotal, if the results indicate the file is infected or if you are still uncertain, please upload a copy of the file to our Virus Labs.

If you are unable to upload a copy of the file, or remove the file due to permissions issues, you may need to use the AVG Rescue CD to collect a copy of the detected file and submit or quarantine it.

To submit files to our virus labs please see the following articles for help:
For Avast Antivirus: https://www.avast.com/faq.php?article=AVKB258
For AVG Antivirus: https://secure.avg.com/submit-sample
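
The check described in the post above (which engines, and how many, detect the file), sketched as an added example that is not part of the original post or any Avast/AVG tooling. It assumes a report shaped like the `attributes` object of a VirusTotal API v3 file report; the sample data, engine names, and the `lone_engine_limit` cut-off are constructed for illustration.

```python
import hashlib

# Constructed sample shaped like the "attributes" object of a VirusTotal
# API v3 file report; engine names and verdicts are made up.
SAMPLE_ATTRIBUTES = {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Win32:Malware-gen"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "harmless", "result": None},
    "EngineD": {"category": "timeout", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
}}

FLAGGED = {"malicious", "suspicious"}
CLEAN = {"undetected", "harmless"}


def sha256_of(path, chunk=1 << 20):
    """Hash the detected file so the exact sample can be identified."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(attributes, lone_engine_limit=2):
    """Report which engines flag the file and how many gave a verdict.

    lone_engine_limit is an assumed cut-off, not an Avast/AVG rule.
    """
    flagged, verdicts = {}, 0
    for engine, r in sorted(attributes["last_analysis_results"].items()):
        if r["category"] in FLAGGED:
            flagged[engine] = r["result"]
            verdicts += 1
        elif r["category"] in CLEAN:
            verdicts += 1  # timeouts and unsupported types are not verdicts
    if not flagged:
        hint = "no engine flags the file"
    elif len(flagged) <= lone_engine_limit:
        hint = "flagged by few engines: possible false positive"
    else:
        hint = "flagged by many engines: likely a true detection"
    return {"flagged": flagged, "verdicts": verdicts, "hint": hint}
```

Counting only engines that returned a verdict keeps timeouts and unsupported file types from making a detection look rarer than it is.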