Author Topic: Fasle Positive?  (Read 2321 times)

0 Members and 1 Guest are viewing this topic.

Jem

  • Guest
Fasle Positive?
« on: January 24, 2007, 05:38:20 PM »
Appreciate your opinion here...

Apparently very reputable site... http://www.msnmonitor.com/index.htm They have a product called  MSN Monitor & Sniffer which, if I attempt to download produces a warning, screenshot attached...

Appreciate your views on this...the site itself doesn't cause any problems by the way, it's only when you choose to save the file.

Thanks.



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Fasle Positive?
« Reply #1 on: January 24, 2007, 05:43:37 PM »
Yes, seems a false positive... but, to be sure, please submit it to JOTTI or VirusTotal and let us know the result.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be carefull, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Fasle Positive?
« Reply #2 on: January 24, 2007, 05:57:01 PM »
Well something that monitors or a sniffer might possibly be used for a different, non-standard or malicious purpose, this may have been what triggered the alert. Confirm using Virus Total and Jotti as suggested.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jem

  • Guest
Re: Fasle Positive?
« Reply #3 on: January 24, 2007, 06:25:09 PM »
Virus Total gives me this...
Jotti rells me the file is 0 bytes and refuses to do anything...  >:(

Jem

  • Guest
Re: Fasle Positive?
« Reply #4 on: January 24, 2007, 06:44:16 PM »
...got Jotti to work...see attached...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Fasle Positive?
« Reply #5 on: January 24, 2007, 07:15:03 PM »
Usually a zero 0 byte size indicates you tried to upload it from the virus chest which is a protected folder that won't allow outside access.

I assume that was why it didn't work at first.

Whilst others also detect this, they do it in what I would say is a better way by reporting it as a net tool, but that doesn't I feel place much emphasis on the potential if it weren't being used by a legitimate program in legitimate manner. You are the only person that can truly decide that and set-up the exclusions as mentioned by Tech.

You could send the sample to virus@avast.com zipped and password protected with password in email body and possible false positive in the subject. avast would then decide if they feel it is correct, I would suggest you put a link to this topic in the email.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security