Author Topic: Disabling certain virus definitions  (Read 1602 times)


Offline Jamie.dd

  • Newbie
  • *
  • Posts: 2
Disabling certain virus definitions
« on: October 04, 2017, 11:43:48 AM »
I keep getting the trojan match on multiple Excel files: VBA:Downloader-BUO [Trj]

It appears that it's triggered by a simple HTTP GET/POST line in the VBA scripts. I've programmed it from the ground up, so chances of having trojans are practically nil. Also, no other anti-virus products are triggered by it.

Any possibilities on white-listing certain types of detection strings? Preferably managed over the cloud. Or is my only possibility to flag every instance as a false positive and hope that Avast will make a change on their end? I cannot white-list a location as these files are all over the shared network drive.

Cheers,
Jamie
« Last Edit: October 04, 2017, 11:46:35 AM by Jamie.dd »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70033
    • >>>  Avast Forum - German-language section  <<<
Win 8.1 [x64] - Avast PremSec 21.3.2459.BUC [UI.612] - EEK - Firefox ESR 78.9 [NS/uBO/PB] - TB 78.9
Avast-Tools: Secure Browser 89.1 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Jamie.dd

  • Newbie
  • *
  • Posts: 2
Re: Disabling certain virus definitions
« Reply #2 on: October 04, 2017, 01:10:22 PM »
-> https://www.avast.com/faq.php?article=AVKB229#artTitle
-> https://www.avast.com/faq.php?article=AVKB228#artTitle

I'm afraid those don't help much. For the first link: Excel files are not binaries that remain unchanged, thus there is no fingerprint to whitelist.

Second link: Excel files are not binaries, executables or installables.

Modern Excel files have the ending .xlsm or .xlsb with no precompiled code.

The most effective solution is to disable the checking for: VBA:Downloader-BUO [Trj].

I already have the heuristics set to low.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70033
    • >>>  Avast Forum - German-language section  <<<
Re: Disabling certain virus definitions
« Reply #3 on: October 04, 2017, 01:12:09 PM »
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php