Author Topic: False Positive, How Do I let Avast ignore it?  (Read 14076 times)

0 Members and 1 Guest are viewing this topic.

dodish

  • Guest
False Positive, How Do I let Avast ignore it?
« on: July 17, 2010, 04:39:15 AM »
Well, there is a program/injector for a game.
I was using it before I installed AVAST again, and it had no viruses, and didn't damage my computer at all with no harm or what so ever done.
So now, I try to download the injector again, and Its giving be a "Win32: Malware-gen" . And even with my own injector that I created and lost and uploaded to another site, it said it had a malware.

So basically my question is, How can I let Avast ignore this false-positive, I'm pretty sure, it's not a virus/trojan/malware.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87447
  • No support PMs thanks
Re: False Positive, How Do I let Avast ignore it?
« Reply #1 on: July 17, 2010, 05:00:39 AM »
Never ignore, act.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dodish

  • Guest
Re: False Positive, How Do I let Avast ignore it?
« Reply #2 on: July 17, 2010, 05:43:07 AM »
DavidR,

Thanks for the help,
I'm still following what you said.

But there is one thing, it's when i'm trying to download it.
now, I was messing around with expert settings, like what to do, delete , ask, etc.
and for the pup,virus, and suspicious, I put delete for every form.

now, when I try to download the file again, it gives me this error " C:\Users\Dodish\AppData\Local\Temp\UX06E7YA.rar.part could not be saved, because the source file could not be read. Try again later, or contact the server administrator."

I try to download it again, it gives me the same error, but a different path, but same thing as users,dodish,appdata, local and temp. and the rest after \Temp\ , it changes.

sorry for my english, my english not very good.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87447
  • No support PMs thanks
Re: False Positive, How Do I let Avast ignore it?
« Reply #3 on: July 17, 2010, 05:02:26 PM »
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

It really is best to leave avast at the default setting, certainly until you have a better understanding of the program as there is no restore default settings and you could really mess up if you delete a file (PUP = Potentially Unwanted Program) for a program that isn't really an issue.

I din;t believe the error about the inability to download is down to avast, certainly not unless avast alerted during the download (and you don't mention that) as it would abort the connection and the .part file wouldn't be complete. The problem does appear to be source/server related given the explanation, "could not be saved, because the source file could not be read. Try again later, or contact the server administrator."
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security