Author Topic: Ignore False Positive  (Read 3954 times)

0 Members and 1 Guest are viewing this topic.

mikel108

  • Guest
Ignore False Positive
« on: November 14, 2004, 05:04:34 PM »
Hi,
I searched for this in the forums, but could not find a match.

Avast 4.5 found a FP(I have already checked to make sure that is what is was).

I would like to know how I exlude this false positive file from future scans.

I have only been using the program for 1 day and it seems great. I have 1 year left on a paid AVG 7 pro subscription, but it was constantly letting me down, so..good-bye Grisoft.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31088
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Ignore False Positive
« Reply #1 on: November 14, 2004, 05:08:49 PM »
What file do you think is a false positive? (and what is its location?)
How did you checked it?
Have you submit it to JOTTI?

techie101

  • Guest
Re:Ignore False Positive
« Reply #2 on: November 14, 2004, 05:12:46 PM »
It might help us if you give us the name of the "false postive" so we can research it.

Include your OS please and whether you have Avast 4.5 Home or Pro.

Thanks
« Last Edit: November 14, 2004, 05:13:31 PM by Techie101 »

mikel108

  • Guest
Re:Ignore False Positive
« Reply #3 on: November 14, 2004, 05:25:27 PM »
It was file     C/System32/TFTP3296

I sent it to jotti, did a panda/trend/and Symantec scan which all said it was clean. Have not heard back from Avast. I did a search and it is a Trivial File Transfer Protocal from MS.

It said it was a W32:Dabber (Wrm).

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31088
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Ignore False Positive
« Reply #4 on: November 14, 2004, 05:36:52 PM »
Please send the file in a pasword protected zip to virus@avast.com. Mention in the mail that you think it is a false postive and the password ofcourse.

In the mean time you can add that file to Avast's exclusion list.
« Last Edit: November 14, 2004, 05:38:09 PM by Eddy »

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 48320
  • 63 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:Ignore False Positive
« Reply #5 on: November 14, 2004, 05:40:02 PM »
mikel108
I'd wait till you get a definite answer before trying to isolate it.
eScan reports it as a virus:
File C:\WINDOWS\System32\TFTP3296 infected by "Worm.Win32.Lovesan.a" Virus. Action Taken: No Action Taken.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

mikel108

  • Guest
Re:Ignore False Positive
« Reply #6 on: November 14, 2004, 05:57:22 PM »
Hi Eddy,
I sent the file yesterday(about 24hrs ago). When the file came up it suggested that I put it in the vault, which I did. I had not seen anything running in processes, or on the firewall before that.

techie101

  • Guest
Re:Ignore False Positive
« Reply #7 on: November 14, 2004, 06:21:06 PM »
There are conflicting reports on whether the TFTP is a worm or not.

For now the safest course of action is to isolate the file in the chest until Avast Team can check it out.

POST any further information you may receive for us.

I am running A-2 (A Squared Anti Trojan scanner) to see if it picks up anything.   Will post later.

Thanks.


A2 Results:  It did not detect TFTP as a worm or trojan.
« Last Edit: November 14, 2004, 08:13:20 PM by Techie101 »

mikel108

  • Guest
Re:Ignore False Positive
« Reply #8 on: November 14, 2004, 06:47:58 PM »
Add Kav Online Scanner to the list saying it is clean.

My ISP does work on the email on Sunday mornings. I will resend the file when they are up and running.


mikel108

  • Guest
Re:Ignore False Positive
« Reply #9 on: November 16, 2004, 02:43:25 AM »
 ???
Well I recieved a response from Avast. Vladimir Cernik emailed me back and said that he thought that the file was corrupted, and to move it to chest and delete.

Their program, so I will trust them and follow instructions.

Thanks for everyone's help and concern.