Author Topic: False positives (Read 15937 times)

REDACTED · « **on:** April 05, 2018, 10:23:31 PM »

I have recently switched from Avast to Avg due to performance reasons and the behavior shield that Avg uses seems to detect more false positives than Avast ever did. In the last few weeks, a legitimate process in windows (can't remember which one it was) and TeamViewer's sponsor window "7.hta" have both been blocked, an occurrence that had never happened while I was using Avast. $:-\$

EDIT: The windows process in question was "mshta.exe".

Milos · « **Reply #1 on:** April 06, 2018, 08:57:33 AM »

Hello,
post a screenshot of the window with detection, please.

Milos

REDACTED · « **Reply #2 on:** April 06, 2018, 10:39:51 PM »

Quote from: Milos on April 06, 2018, 08:57:33 AM

post a screenshot of the window with detection, please.

This is for the Teamviewer app. I couldn't reproduce the windows process one because it happened on a laptop I was servicing, you'll just have to trust me on that one.

REDACTED · « **Reply #3 on:** April 17, 2018, 01:52:54 PM »

Here's another false positive detected by the behavior shield. This is a legitimate AutoCad installation file downloaded from their website.

VirusTotal analysis: https://www.virustotal.com/#/file/b9c299c25f8d4658ff433062c770400b20fc9bcf6c8c6abc1d587d5d90fc3c07/detection

Michael (alan1998) · « **Reply #4 on:** April 17, 2018, 02:25:43 PM »

In response to your lats post (and picture) - if I'm thinking of the right think, IDP detection's have a guideline to follow for detection that is almost universal. Though I can't find the information on it.

Milos (or someone qualified from Avast!) will swing by again and check things out.

REDACTED · « **Reply #5 on:** April 27, 2018, 04:48:42 PM »

Here is a screenshot of the issue. Its happening to me as well now after I update teamviewer.

Asyn · « **Reply #6 on:** April 28, 2018, 05:15:07 AM »

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

REDACTED · « **Reply #7 on:** May 19, 2018, 02:10:36 PM »

Even after reporting the file, and getting a response from Avast that it has been whitelisted, the 7.hta file is still getting flagged.

Asyn · « **Reply #8 on:** May 19, 2018, 04:53:41 PM »

Quote from: chaloja_no on May 19, 2018, 02:10:36 PM

Even after reporting the file, and getting a response from Avast that it has been whitelisted, the 7.hta file is still getting flagged.

Strange, wait for Milos...

REDACTED · « **Reply #9 on:** August 05, 2018, 07:36:02 PM »

Hello!

Any news regarding this problem?

PDI · « **Reply #10 on:** August 06, 2018, 08:41:13 AM »

Hi,

the problem of the 7.hta is that it's generated after each start or the TeamViever Free. You should add the exception for the full path for Behavioral Shield.

Regards,
PDI

REDACTED · « **Reply #11 on:** August 06, 2018, 08:56:06 PM »

Quote from: JohnAndy on August 05, 2018, 07:36:02 PM

Hello!

Any news regarding this problem?

Yes, I was contacted by Avast recently. They said they'd have to look into it with TeamViewer's representatives as the software itself is generating "very suspicious files with adverts with no digital signature".

Author Topic: False positives (Read 15937 times)

REDACTED

False positives

Milos

Re: False positives

REDACTED

Re: False positives

REDACTED

Re: False positives

Michael (alan1998)

Re: False positives

REDACTED

Re: False positives

Asyn

Re: False positives

REDACTED

Re: False positives

Asyn

Re: False positives

REDACTED

Re: False positives

PDI

Re: False positives

REDACTED

Re: False positives