Avast just classed a Windows update file as Win64:Malware-gen

[REDACTED]

^ Like the title says and the screenshot below demonstrates. Avast version is .2322 and virus definitions update is 180113-0 (which judging by the numbering is from today). Was working on my laptop this morning when an Avast alert popped up.

I removed Avast on my desktop/main PC in order to get the Meltdown patch, but left it on my laptop as I don't use it that often and figured the Meltdown difficulties would be sorted eventually. Well...so much for that, apparently. My laptop tried to pull down KB4056892 along with a Malicious Software Removal Tool update (KB890830), only for Avast to interfere by shoving one of the update files into its Virus Chest. I restored it, but the updates are still stuck at "Installing - 0%," presumably because of this. Charming.

While I'm aware that false positives do happen, this is really beyond the pale IMHO. I think I'm done with Avast.

[Pondus]

Like the title says and the screenshot below demonstrates.

and like the name of this forum section say


Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier
Avast Free/Pro/IS/Premier topics and issues, not viruses or false alarms here!

[rocksteady]

I have just had the samer thing. Win64:Malware-gen put inetcpl.cpl in virus chest. How do I get it back to where it belongs, as relates to AMD fix.
Ed

[REDACTED]

I got the same thing today.  I am running windows 10 and have Avast Internet Security which I pay for.  When will this be fixed?

[rocksteady]

On this forum there is a section dedicated to viruses (and false positives) to be discussed as hinted by Pondus. But what Pondus does not mention is that the UI has changed since 2015, so the advice (on Avast Blog) how to use the Virus Chest to scan, report or restore files is outdated. I only found out by trial that only way to get access to the suspect file is to tick to select it and use dropdown from green box to send for analysis. Annother Avast annoyance. Await confirmation of false positive and a fix before I restore the file.

edit:
I have no objection if Moderators wish to move this thread to virus and false positives reports section of the forum here :
Viruses and Worms  https://forum.avast.com/index.php?board=4.0 
However, there should maybe a link to this antivirus program item:
Topic: MS Security Update for Meltdown   https://forum.avast.com/index.php?topic=212691.0 
FYI. I have submitted my file for analysis as a potential false positive in order to release it from virus chest. I have downloaded latest MWB and done a scan and no threats were reported before or after file was reinstated.

Ed

[Pondus]

But what Pondus does not mention is that the UI has changed since 2015, so the advice (on Avast Blog) how to use the Virus Chest to scan, report or restore files is outdated.

There is more then one way to report  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

[Milos]

Hello,
we do not see such file sent by any user. Send us the detected file, please. Use https://www.avast.com/false-positive-file-form.php

Milos

[rocksteady]

Hi Milos,
Not been back here as since reinstating the file from virus chest it has not caused any problem. All I can say is I followed the Virus Chest [green box] process of submitting as false positive. That then allowed me access to the file to reinstate it. So seems a fault in Virus Chest if it says file has been submitted but you guys didn't get it.
Ed