Author Topic: What do I do with the alert dialog box when Avast throws a false positive?  (Read 3383 times)

0 Members and 1 Guest are viewing this topic.


  • Guest
What do I do with the alert dialog box when Avast! throws a false positive?  There seems not to be an 'ignore' button.  The havoc caused by a false positive is a great nuisance as Avast! seems intent on crippling the app.  Also, one is taken by surprise when a system one justifiably believes to be clean is suddenly said to contain a virus in a file which is part of a trusted application.


Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Depends on what dialog box your talking about, the one I see has Mo Action on it. You also don't mention the malware name, file name and its location ?

However, you can click ignore forever avast won't let you execute a file it believes is infected, you would have to exclude it and before you do that you should confirm the detection.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

If it is indeed a false positive, see, how to report it to avast! and what to do to exclude them until the problem is corrected.
« Last Edit: May 31, 2008, 08:44:55 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


  • Guest
Thanks David.  Yes, that's the dialog box I saw.  Which button do I click to confirm detection please?  None of the button labels actually say 'confirm detection'.   :-\

Rick F

  • Guest
By 'confirm detection', David means to submit the file (upload it) to Virus Total and let them check it to see if it's in fact malware.  If it's deemed clean, then go ahead and exclude it from being scanned.

BUT.... when I had that false positive last week with SAS (SuperANTISPYWARE), I ignored the detection, then excluded it from being scanned and I still couldn't run it OR submit it to VirusTotal.  So avast sometimes does something to the file to keep it from running or being copied.  Not sure what though.

Hope this helps (some)  ???


  • Guest
This is too confusing.  The problem is that Avast can disrupt a system by generating a false positive and prevent a knowledgeable user from overriding Avast's actions.  This software is very non-intuitive which is a shame because there are so many good features.  I particularly like the scanning of web traffic which is, in my opinion, the most dangerous attack vector.

I can foresee Avast causing me some gratuitously serious aggro somewhere down the line.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user

Unfortunately any antivirus can confuse a user by generating a false positive.  One of life's downsides.  I think I have had 2 or 3 false positives in the 4 years I have been using avast.   When I encounter such inconvenience I recall how much I paid for avast - nothing.  When I work with the avast team to get the false positive fixed ... which has always been done quickly ... I am doubly grateful for this free software
This product is designed for the vast majority of avast users and therefore not necessarily for the comfort of knowledgeable users. Though I find it puzzling that it is "too confusing" for a "knowledgeable" user. 
« Last Edit: June 01, 2008, 10:43:41 AM by alanrf »


  • Guest
Fair comment.  One must not look a gift horse in the mouth.  Avast! is a good product which coexists with other security software very well.  AVG 8 Free seems not to be free of operational problems which is why I have ceased to use AVG.

In addition to Avast! 4.8, I use Agnitum Outpost 4, Threatfire 3.5.0, Spybot - Search and Destroy 1.5.2, Spyware Blaster 4, Spyware Doctor 4.1.

Avast does seem to be kind to Windows installations.  One would hope that Avast! looks at the slightly mysterious aspects of this product.  Some options are not very obvious.