Author Topic: False positives on urls by Avast.  (Read 622 times)

0 Members and 1 Guest are viewing this topic.

Offline MATR1X

  • Newbie
  • *
  • Posts: 3
False positives on urls by Avast.
« on: May 20, 2024, 11:50:11 PM »
 Avast has been giving false positives with websites it shouldn't lately, one of them being this one: tdesktop.telega.one and the other one: http://cpanel.ezyro.com/

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: False positives on urls by Avast.
« Reply #1 on: May 21, 2024, 12:56:04 AM »
How do you know they are false positives ?
Avast has been giving false positives with websites it shouldn't lately, one of them being this one: tdesktop.telega.one and the other one: hXXp://cpanel.ezyro.com/

Please break active links to suspect sites to avoid accidental exposure (as I have in the quoted text).

There are sites that can also check a site link and or file upload.
https://www.virustotal.com/
https://en.internet.nl/
https://sitecheck.sucuri.net/
https://quttera.com/website-malware-scanner

New location to report both a False Positive and or a False Negative - https://www.avast.com/submit-a-sample#pc
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline MATR1X

  • Newbie
  • *
  • Posts: 3
Re: False positives on urls by Avast.
« Reply #2 on: May 21, 2024, 03:04:39 AM »
tdesktop.telega.one is a Telegram domain, it cannot be a malicious URL. The other link is a cPanel URL.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: False positives on urls by Avast.
« Reply #3 on: May 21, 2024, 03:17:17 AM »
tdesktop.telega.one is a Telegram domain, it cannot be a malicious URL. The other link is a cPanel URL.

The fact that it is a telegram domain doesn't mean it can't be infected.

I don't work for Avast, just trying to help.
I can only point you in the right direction, what you choose to do is up to you.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37612
  • Not a avast user

Offline MATR1X

  • Newbie
  • *
  • Posts: 3
Re: False positives on urls by Avast.
« Reply #5 on: May 23, 2024, 06:08:08 AM »
The fact that some engines detect it does not validate that it is malicious. If you look closely, they are lesser-known engines that cannot be taken into account. Not even Avast appears in the list of detections. Additionally, reputable antivirus programs such as ESET, Kaspersky, and others do not detect the URL as malicious. Therefore, the analysis of renowned engines is more reliable than, for example, CRDF.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37612
  • Not a avast user
Re: False positives on urls by Avast.
« Reply #6 on: May 23, 2024, 07:17:57 AM »
Quote
Not even Avast appears in the list of detections.
It never vil becaus they dont have there blacklist represented at VT


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: False positives on urls by Avast.
« Reply #7 on: May 23, 2024, 12:17:07 PM »
Quote
Not even Avast appears in the list of detections.
It never will because they don't have there blacklist represented at VT

That is correct as Avast only does live (on-access) scans on websites from within the running program and not the on-demand scan from within Virus Total.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: False positives on urls by Avast.
« Reply #8 on: May 24, 2024, 06:36:55 AM »
I'd say most recent scan of the telegraph site shows 13 detections only 48 minutes ago.  Being a telegraph site does not mean it cannot become a malicious site.

Attached find alerts from avast free antivirus, both are blacklisting detections, as below.

Pondus is correct, Avast is focused on real-time detection. and not the on-demand scan used at VirusTotal.

If you can prevent the threat from ever running on your system, you have defeated it.

Please break the live link so others will not be infected, as hXtps://.  Thank you.

Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: False positives on urls by Avast.
« Reply #9 on: May 24, 2024, 07:19:22 AM »
Additional findings using another top-rated antivirus real-time scanner:  Total AV Pro Trial version.

Note that telg site has secure transport issues when attempting to connect with https://. 

The other, hxtp://cpanel.ezyro.com is detected as malware by Total AV Pro trial version.  Attempting to connect results in a real-time block.

Seems you have some issues to rectify to protect your web visitors from harm.   ::)

« Last Edit: May 24, 2024, 07:23:18 AM by mchain »
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803