Author Topic: Different AV-Engines reporting Avast-Files as Virus !  (Read 5140 times)


Offline svnupa

  • Jr. Member
  • **
  • Posts: 27
Different AV-Engines reporting Avast-Files as Virus !
« on: September 24, 2023, 10:18:23 AM »
Hello,

Different antivirus engines are reporting Avast files as a variant of Tedy.

For example, Emsisoft; a sample of the report file is attached.

C:\Program Files\Avast Software\Avast\defs\23092204\aswJsFlt.dll    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\setup\vps_binaries-1194.vpx -> (Embedded EXE g)    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\x86\aswJsFlt.dll    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]

You can find a confirmation for this on VirusTotal, too.
Hash for analysis: 69a766e623ef95e183884d32442018a0d2ef2e74d1fc63639e4b9ac41f016552

Is the reason the engine itself?
Windows 10 Professional - Avast Free Antivirus - Avast Secure Browser

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
  • F-Secure

Offline svnupa

  • Jr. Member
  • **
  • Posts: 27
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #2 on: September 24, 2023, 11:19:58 AM »
Sorry, that's not helpful.
I am using the Emsisoft Emergency Kit (not full installation).

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
  • F-Secure
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #3 on: September 24, 2023, 11:22:21 AM »
There is nothing strange here; it is a classic conflict that happens when running multiple security programs.

https://www.kaspersky.com/blog/multiple-antivirus-programs-bad-idea/2670/

« Last Edit: September 24, 2023, 12:10:46 PM by Pondus »

Offline Mr. Consumer

  • Full Member
  • ***
  • Posts: 134
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #4 on: September 25, 2023, 03:04:54 PM »
It was a false positive from Bitdefender which has been fixed now. Besides, those are not different engines. There are quite a few products that use the Bitdefender engine. So when there's a false positive with Bitdefender, it will result in many detections in VirusTotal.

Offline Nunzio77

  • Poster
  • *
  • Posts: 480
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #5 on: September 25, 2023, 03:22:55 PM »
The hash was processed by Bitdefender so in Hitman Pro it should no longer be seen as malware.
Thank you and good day!
Nunzio
----------------------------
Avast Free - Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, SDD 512 Gb, ATI Mobile Radeon HD 2400 - Avast Mobile Security Free - Smartphone Android

Offline svnupa

  • Jr. Member
  • **
  • Posts: 27
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #6 on: September 25, 2023, 07:40:10 PM »
Thanks. Emsisoft confirmed whitelisting today.
« Last Edit: September 30, 2023, 05:15:06 PM by svnupa »

Offline Dinobot2

  • Poster
  • *
  • Posts: 447
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #7 on: September 27, 2023, 12:56:29 AM »
I am pulling these up on my Emsisoft scan as well. The scan is still in progress but so far I'm getting two instances of Gen:Variant.Tedy.381197 (B) and they are being flagged under their Malware category.

For some context, I'm not using a full Emsisoft installation or protection either, just their Emergency Kit scanner. I have used this for two years on and off, which I have had with Avast running Real-time protection, and this is the first time it has pulled these two instances up. So I don't think this is a case of having two "conflicting" AV apps as some are suggesting.

So even if these are false positives, is it ok to delete these files? Would deleting them cause Avast to malfunction? Or would Avast just re-download these files again after a definitions update?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89640
  • No support PMs thanks
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #8 on: September 27, 2023, 01:24:58 AM »
What would you expect? Scanning the virus signature files (if you are getting the same location as the OP) is likely to produce the same issue.
It is essentially still a conflict; Avast also has low-level drivers to be able to actively inspect files, etc., and these actions could well be considered suspect.

So it isn't just running two resident scanners; scanning Avast files and locations could also result in a false positive. So you have to look at the location and file and ensure it isn't Avast Antivirus related.

Why the hell would you want to delete Avast files (and screw with your Avast installation) if they are essentially false positives?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
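
A triage sketch for the points made in replies #4 and #8, added here as an example (it is not part of any post and is not Emsisoft's or Avast's code): it parses the report lines from the first post, groups them by signature and engine tag, and checks whether every hit lies under the scanned product's own install directory. The line layout is inferred from those three lines only, and `product_root` is a hypothetical parameter.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Report lines exactly as posted in the thread (German-language scanner output).
REPORT = r"""
C:\Program Files\Avast Software\Avast\defs\23092204\aswJsFlt.dll    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\setup\vps_binaries-1194.vpx -> (Embedded EXE g)    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
C:\Program Files\Avast Software\Avast\x86\aswJsFlt.dll    erkannt: Gen:Variant.Tedy.381197 (B) [krnl.xmd]
"""

# Assumed layout, inferred from the three lines above:
#   <path>[ -> (<embedded object>)]  erkannt: <signature> (<engine tag>) [<db>]
LINE = re.compile(
    r"^(?P<path>.+?)(?:\s+->\s+\((?P<inner>[^)]*)\))?\s+erkannt:\s+"
    r"(?P<sig>\S+)\s+\((?P<tag>\w)\)\s+\[(?P<db>[^\]]+)\]\s*$"
)

def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def triage(hits, product_root):
    """Group hits by (signature, engine tag) and record whether every flagged
    path sits under product_root (hypothetical parameter: the install
    directory of the security product that was scanned)."""
    root = PureWindowsPath(product_root)
    groups = defaultdict(list)
    for h in hits:
        groups[(h["sig"], h["tag"])].append(PureWindowsPath(h["path"]))
    return [
        {
            "signature": sig,
            "engine_tag": tag,
            "hits": len(paths),
            "file_names": sorted({p.name for p in paths}),
            "all_under_product_root": all(root in p.parents for p in paths),
        }
        for (sig, tag), paths in groups.items()
    ]

if __name__ == "__main__":
    root = r"C:\Program Files\Avast Software\Avast"
    for row in triage(parse_report(REPORT), root):
        print(row)
```

Three hits that collapse into one signature and engine-tag group, all inside one product's directory, match the single-engine false positive described in reply #4.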

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #9 on: September 27, 2023, 02:09:39 AM »
> I am pulling these up on my Emsisoft scan as well. The scan is still in progress but so far I'm getting two instances of Gen:Variant.Tedy.381197 (B) and they are being flagged under their Malware category.
>
> For some context, I'm not using a full Emsisoft installation or protection either, just their Emergency Kit scanner. I have used this for two years on and off, which I have had with Avast running Real-time protection, and this is the first time it has pulled these two instances up. So I don't think this is a case of having two "conflicting" AV apps as some are suggesting.
>
> So even if these are false positives, is it ok to delete these files? Would deleting them cause Avast to malfunction? Or would Avast just re-download these files again after a definitions update?

I don't trust Emsisoft since I've used their Emergency Kit scanner in the past, and it's not very reliable in detecting malware, PUP or any other type of virus side by side with Avast.

I strongly prefer MalwareBytes (MBAM) side by side with Avast, MalwareBytes has been very reliable for years in detecting malware, PUP or any other type of virus side by side with Avast.
« Last Edit: September 27, 2023, 02:13:31 AM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline Dinobot2

  • Poster
  • *
  • Posts: 447
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #10 on: September 27, 2023, 02:25:51 AM »
> What would you expect? Scanning the virus signature files (if you are getting the same location as the OP) is likely to produce the same issue.
> It is essentially still a conflict; Avast also has low-level drivers to be able to actively inspect files, etc., and these actions could well be considered suspect.
>
> So it isn't just running two resident scanners; scanning Avast files and locations could also result in a false positive. So you have to look at the location and file and ensure it isn't Avast Antivirus related.
>
> Why the hell would you want to delete Avast files (and screw with your Avast installation) if they are essentially false positives?

Ok, but that still doesn't explain why these EEK results are happening now. Like I said, I've used EEK as a supplemental tool for two years now, with Avast Free on my computer that whole time, and this is the first time I have produced these scan results. There's also the fact that it isn't identifying every .dll file in the Avast folder, just that one (aswJsFlt.dll) in particular. So, maybe there's an issue with that particular file? Maybe it would be replaced in an update? I also did a clean install of Avast two days ago for unrelated reasons, so perhaps something went wrong in the installation process, etc. There are plenty of reasons why it would show up on a different virus scan aside from "don't have two AV software installed."


> I don't trust Emsisoft since I've used their Emergency Kit scanner in the past, and it's not very reliable in detecting malware, PUP or any other type of virus side by side with Avast.
>
> I strongly prefer MalwareBytes (MBAM) side by side with Avast, MalwareBytes has been very reliable for years in detecting malware, PUP or any other type of virus side by side with Avast.

I have used MalwareBytes in the past (like early 2010s) and liked it, but over the last few years a full C drive scan took anywhere between 16-20 hours to complete, so I stopped using it for that reason.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #11 on: September 27, 2023, 02:54:59 AM »
> I have used MalwareBytes in the past (like early 2010s) and liked it, but over the last few years a full C drive scan took anywhere between 16-20 hours to complete, so I stopped using it for that reason.

You need to add file exclusions in your Malwarebytes and Avast to avoid conflict issues side by side; see attachment, FYI.



Offline Dinobot2

  • Poster
  • *
  • Posts: 447
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #12 on: September 27, 2023, 03:08:49 AM »
Sure, but I don't know if that's the reason for it taking long.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #13 on: September 27, 2023, 03:11:30 AM »
> Sure, but I don't know if that's the reason for it taking long.
Trust me, I had the same similar issue.

Offline Dinobot2

  • Poster
  • *
  • Posts: 447
Re: Different AV-Engines reporting Avast-Files as Virus !
« Reply #14 on: September 27, 2023, 04:29:31 AM »
Just to show people what I mean, here are the two results from two scans using the exact same parameters less than 10 months apart. The one today was aborted but that one picked up the avast files and flagged them as Malware, the one that was completed did not.
« Last Edit: September 27, 2023, 05:48:54 AM by Dinobot2 »