Author Topic: False positive on a file detected as Win32:Evo-gen[Susp] (Read 6523 times)

Basu · « **on:** November 30, 2017, 04:52:24 PM »

Avast antivirus detects a file (approx. 56 MB size) as Win32:Evo-gen[Susp]. However, a test conducted with VirusTotal come out as clean even for Avast scan via VirusTotal.

Here is the VirusTotal report: https://www.virustotal.com/en/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/analysis/

I request resolution of this false positive.

Thank you.

Pondus · « **Reply #1 on:** November 30, 2017, 05:20:52 PM »

Win32:Evo-gen[Susp] = Suspicious

Quote

However, a test conducted with VirusTotal come out as clean even for Avast scan via VirusTotal.

Your screenshot show analysis date from yesterday.

Result today
https://www.virustotal.com/#/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/detection

If you think it is wrong, report it >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

polonus · « **Reply #2 on:** November 30, 2017, 05:59:10 PM »

These results support a FP: https://www.herdprotect.com/domain-www.hamsphere4.com.aspx
and here: https://www.reasoncoresecurity.com/hamsphere_4.010-setup.exe-4f2cbbcadddf4d44fd9f5c144737e75e94610c02.aspx

pol

Basu · « **Reply #3 on:** November 30, 2017, 08:54:23 PM »

@Pondus, @Polonus... Here is another rescan done a few minutes ago of the same file earlier submitted to VirusTotal. This time it is again back to my earlier results. Apparently, even the Avast scan via VirusTotal is not very consistent...

https://www.virustotal.com/en/file/5e299520ac3bb01ebfaa85caa7a7644ee7118b3906d8f485ba4adcc1f35e974c/analysis/

The result is back to 5/66 with Avast not detecting and showing green. I am attaching another latest screenshot also.

Pondus · « **Reply #4 on:** November 30, 2017, 09:18:27 PM »

I reported this post to avast team and @Milos was looking at it so detection may be removed now if it was a FP

Have you run a manual avast update?
Does your installed avast still detect?

Basu · « **Reply #5 on:** November 30, 2017, 09:36:15 PM »

Thank you Pondus,

I just manually updated the definition file on one of my machines to the latest version 171130-6 dated 11/30/2017 11:39:43 pm... Eureka, it seems to be OK. Not detected this time.

I will now try it out on all my other machines which have Avast installations and report back.

Thank you once again.

denics · « **Reply #6 on:** November 30, 2017, 10:33:27 PM »

Hi, the false positive should be now fixed. Sorry for the inconvenience.

Basu · « **Reply #7 on:** November 30, 2017, 11:05:25 PM »

Hi denics,

Thank you for a quick resolution... You guys rock.

Regards,
Basu

Author Topic: False positive on a file detected as Win32:Evo-gen[Susp] (Read 6523 times)

Basu

False positive on a file detected as Win32:Evo-gen[Susp]

Pondus

Re: False positive on a file detected as Win32:Evo-gen[Susp]

polonus

Re: False positive on a file detected as Win32:Evo-gen[Susp]

Basu

Re: False positive on a file detected as Win32:Evo-gen[Susp]

Pondus

Re: False positive on a file detected as Win32:Evo-gen[Susp]

Basu

Re: False positive on a file detected as Win32:Evo-gen[Susp]

denics

Re: False positive on a file detected as Win32:Evo-gen[Susp]

Basu

Re: False positive on a file detected as Win32:Evo-gen[Susp]