Author Topic: Disabling certain virus definitions  (Read 2467 times)

REDACTED

  • Guest
Disabling certain virus definitions
« on: October 04, 2017, 11:43:48 AM »
I keep getting the trojan match on multiple Excel files: VBA:Downloader-BUO [Trj]

It appears that it's triggered by a simple HTTP GET/POST line in the VBA scripts. I've programmed it from the ground up, so chances of having trojans are practically nil. Also no other anti-virus products are triggered by it.

Any possibilities on white-listing certain types of detection strings? Preferably managed over the cloud. Or is my only possibility to flag every instance as a false positive and hope that Avast will make a change on their end? I cannot white-list a location as these files are all over the shared network drive.

Cheers,
Jamie
« Last Edit: October 04, 2017, 11:46:35 AM by Jamie.dd »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Disabling certain virus definitions
« Reply #2 on: October 04, 2017, 01:10:22 PM »
-> https://www.avast.com/faq.php?article=AVKB229#artTitle
-> https://www.avast.com/faq.php?article=AVKB228#artTitle

I'm afraid those don't help much. For the first link: Excel files are not binaries that remain unchanged, thus there is no fingerprint to whitelist.

Second link: Excel files are not binaries, executables or installables.

Modern Excel files have the ending .xlsm or .xlsb with no precompiled code.

The most effective solution is to disable the checking for: VBA:Downloader-BUO [Trj].

I already have the heuristics set to low.

Offline Asyn

Re: Disabling certain virus definitions
« Reply #3 on: October 04, 2017, 01:12:09 PM »
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php