Author Topic: Possible false positives on intranet Avast/AVG  (Read 1338 times)

0 Members and 1 Guest are viewing this topic.

Offline CourseVector

  • Newbie
  • *
  • Posts: 4
Possible false positives on intranet Avast/AVG
« on: June 12, 2023, 10:53:29 PM »
I have two employees that reported a warning on both AVG and Avast which I'm pretty sure is a false positive. Below are the two versions in question:

AVG Technologies Software Version: 23.5.3286 (build 23.5.8195.786) on Windows 10, Version 22H2
Avast Security 15.6.0. Free version on macOS 12.0.1

Both reported this error: "HTML:Iframe-inf [Susp]"
Is there any way to get more information on why it thinks there is something malicious? The intranet site that triggered the warning it's a ticketing system. There is an iframe for the message editor, and one for file uploads. But they have been running those programs for a year or more and the software for the ticketing system hasn't changed in about the same time. I'm thinking maybe a bad update went out recently?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Possible false positives on intranet Avast/AVG
« Reply #1 on: June 13, 2023, 01:21:07 AM »
Though you don't mention the site (any link shouldn't be active only the domain name) or post a screenshot or the Alert Window with the Details option selected.  See screenshot below.

You can use the Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline CourseVector

  • Newbie
  • *
  • Posts: 4
Re: Possible false positives on intranet Avast/AVG
« Reply #2 on: June 13, 2023, 04:29:14 PM »
Thanks for the screenshot, I've uploaded the messages they encountered. The domain in question is support.coursevector.com.

I also went ahead and submitted a request at the URL you provided. Thanks!
« Last Edit: June 13, 2023, 04:31:11 PM by CourseVector »

Offline CourseVector

  • Newbie
  • *
  • Posts: 4
Re: Possible false positives on intranet Avast/AVG
« Reply #3 on: June 13, 2023, 04:29:54 PM »
Had to add the last attachment separately due to file size

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Possible false positives on intranet Avast/AVG
« Reply #4 on: June 13, 2023, 05:38:58 PM »
Nothing found here - https://www.virustotal.com/gui/url/185040910251e118c895724e3bbea8c7fd0c3b3d5b573df8ca80ec922ea23eb8?nocache=1
Some issues reported here - https://en.internet.nl/site/support.coursevector.com/2147665/
Minimal Security Risk reported here - https://quttera.com/detailed_report/support.coursevector.com

Now I tried to access that link support.coursevector.com and got a notice that "Public side is disabled."
I don't know if that would also impact some of the tests I ran listed above.

You can use the possible false positive link I gave before - however I don't know if that too would be impacted by the "Public side is disabled" issue mentioned.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Leo3487

  • Jr. Member
  • **
  • Posts: 71
Re: Possible false positives on intranet Avast/AVG
« Reply #5 on: June 14, 2023, 01:01:25 AM »
You mean Avast cant check (then exclude if needed) an intranet site than is not intended for public access?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Possible false positives on intranet Avast/AVG
« Reply #6 on: June 14, 2023, 01:07:43 AM »
You mean Avast cant check (then exclude if needed) an intranet site than is not intended for public access?

As an Avast User, I don't know.

However given your being able to access that site via a browser, the Web Shield would also be able to access it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline CourseVector

  • Newbie
  • *
  • Posts: 4
Re: Possible false positives on intranet Avast/AVG
« Reply #7 on: June 14, 2023, 04:05:55 PM »
Right, while it is publicly online, it's private and must login to view anything which is why i didn't put the URL up before. I did use the false positive link you sent earlier and it looks like they've taken care of it already.

"We have now cleared its reputation in our database based on the findings and removed the detection."

Thanks for your direction!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89346
  • No support PMs thanks
Re: Possible false positives on intranet Avast/AVG
« Reply #8 on: June 14, 2023, 05:34:36 PM »
Thanks for the confirmation.

You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security