Author Topic: How to report this False possitive?  (Read 10346 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #15 on: August 16, 2011, 01:24:25 PM »
Yeah, have done that 3 times since yesterday plus having send the file and i send them the link to this thread. Now i will just have to wait and see when i get an answer.  :)

Yes, unfortunately waiting is never easy.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #16 on: August 19, 2011, 02:11:58 PM »
Okay how long can it take for the virus labs to check a file. I realize that the one i send them is not the only one they have to check but still. It is now 4 days ago that i send them the file i mentioned in the opening post of this thread, and so far i have not received any email back from them.

When i boot my computer i still get the warning that can be seen on the first page. So it is not that they fixed it or something and then forgot to email me with the end result.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #17 on: August 19, 2011, 02:30:10 PM »
As I said in other such posts you are unlikely to get a reply unless they need more information.

The difference being in this case if they scan the file in isolation, they aren't going to find anything as essentially the file is clean, it is just that it is being detected by the anti-rootkit scan which isn't using the conventional virus signatures and that would have to be made clear in any submission and a link to this topic which I said 4 days ago.

<snip>
That doesn't stop you sending the sample file to avast with as much information as possible about the alert being the anti-rootkit scan 8 minutes after boot, your OS, Graphics card and the driver version, etc. A link to this topic wouldn't hurt.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #18 on: August 19, 2011, 02:49:35 PM »
As I said in other such posts you are unlikely to get a reply unless they need more information.

The difference being in this case if they scan the file in isolation, they aren't going to find anything as essentially the file is clean, it is just that it is being detected by the anti-rootkit scan which isn't using the conventional virus signatures and that would have to be made clear in any submission and a link to this topic which I said 4 days ago.

<snip>
That doesn't stop you sending the sample file to avast with as much information as possible about the alert being the anti-rootkit scan 8 minutes after boot, your OS, Graphics card and the driver version, etc. A link to this topic wouldn't hurt.

I remember and that is why i did send them another email that same day after i saw your post in which i gave them a link this thread.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #19 on: August 19, 2011, 02:53:14 PM »
If the second email was just to give the link to the topic it would be in isolation from the first would be hard to tie to the other email; so hopefully you attached the file and copied the other information.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #20 on: August 19, 2011, 03:00:12 PM »
If the second email was just to give the link to the topic it would be in isolation from the first would be hard to tie to the other email; so hopefully you attached the file and copied the other information.

Well i did copy the text from the previous email to them but not the file itself. I thought since they already have it, i did not need to send them the file again. Should i send them another email with the same request and the file plus link to this thread?
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #21 on: August 19, 2011, 04:15:58 PM »
Personally I would send the complete package file, info and link to the topic again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #22 on: August 19, 2011, 04:17:33 PM »
Alright i will send it to them with the information you mentioned, thanks DavidR.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #23 on: August 19, 2011, 04:29:43 PM »
You're welcome, I have also tried another avenue to draw attention to this.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #24 on: August 19, 2011, 06:25:05 PM »
You're welcome, I have also tried another avenue to draw attention to this.

I have no ides what that avenue is, but thanks none the less.  :)
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #25 on: August 22, 2011, 11:56:51 AM »
I have received a reply to my request and this will be passed over the the person responsible for this area (presumably the anti-rootkit scan detections). So finger crossed it should be resolved soon.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #26 on: August 22, 2011, 02:49:12 PM »
I really hope so because that message at boot up is really...really starting to get annoying.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #27 on: August 25, 2011, 04:12:44 PM »
Tomorrow it will be two weeks since i first reported the problem i mentioned on the first page. On the 19th i have re-send the False positive file and all information suggested by DavidR. So they have gotten the FP file twice plus the needed information...all in two weeks time.

Now DavidR has mentioned that you do not always get an email back so that is not the problem i have with right now. But what i do have a problem with is that after two weeks i still get that message at boot up(Got it just now again when i booted up.). I am a patient man but right now i am also getting a bit PO to keep things polite. To me it looks like nothing has been done about my problem in the past two weeks.

And i really do not like to feel that way but i do right now...so i would like to know what is up with this situation. This is not what i am used to from Avast!!
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #28 on: August 25, 2011, 04:34:09 PM »
It isn't what I'm used to from over seven years of using avast and these forums either and it is quite frustrating.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #29 on: August 25, 2011, 05:41:20 PM »
It most certainly is frustrating, i just scanned the file again with Virus Total and again as before it shows the status "clean".

http://www.virustotal.com/file-scan/report.html?id=4ad0556df8a833074b723a15fc3e99314fb457157c91238c44e933b13294bb17-1314285329

Also a friend mentioned to me today that i should use Norman Sandbox to scan the file. I did not know the site and i do not know how reliable their scans are but i just got this information after only a few minutes.

Quote
nvlddmkm.sys : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Filename: C:\analyzer\scan\nvlddmkm.sys.
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS.
    * Compressed: NO.
    * TLS hooks: NO.
    * Executable type: Kernel driver.
    * Executable file structure: OK.
    * Filetype: PE_I386.

[ General information ]
    * File length:    10304104 bytes.
    * MD5 hash: 4152708c0c24e30dae7fa87d5afe1d7b.
    * SHA1 hash: fef5332389e85b0992a7ae656cca807c6ea0b3a3.

[ Changes to registry ]
    * Creates key "HKLM\System\CurrentControlSet\Services\SAMPLE".
    * Sets value "ImagePath"="C:\sample.sys" in key "HKLM\System\CurrentControlSet\Services\SAMPLE".
    * Sets value "DisplayName"="SAMPLE" in key "HKLM\System\CurrentControlSet\Services\SAMPLE".

[ Process/window information ]
    * Creates service "SAMPLE (SAMPLE)" as "C:\sample.sys".

Which also shows that it is a clean file.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device