Avast blocking this app - false possitive?

[CZEskymak]

Hi, i upgraded avast to version 7 yesterday in i now have problem with avast - he is blocking one of my programs when it try connect to server. That app should be save and clean.
One of my friend have same problem with McAfee antivirus - it started two days ago.

Can someone test this file, say me why is blocked or remove it from virus database? Thanks

http://ulozto.cz/xG6g3mt/centred-exe

or full program installer at http://redmine.aksdb.de/attachments/download/34/CentrED_win32_0-6-3.exe


btw, můžete odpovídat česky, díky

[ady4um]

You could upload it to virustotal.com (among several alternatives) and post the link to the results.

[CZEskymak]

https://www.virustotal.com/file/d0d921909eba1ba12643350beae14ec25caaf8292550c107c3245e1970730517/analysis/1330197981/


I added file to exception for AutoSandbox and problem "solved"

[ady4um]

Well, the report says 0/43, so before anyone goes into more details, are you sure avast is "blocking" that file (or identifying it as malware)? Maybe you need to update avast's definitions?

[CZEskymak]

Program and virus definitions are up to date - hour ago.

When i disabled Avast or added centred.exe on autosandbox ignore list, everything works fine.

Problem appeared yesterday for me with avast (upgrade to version 7), two days ago for friend with McAfee and now i registered next user with same problem, from February 18 - actually i dont know what antivirus he have.

We are using centred for months, near every day without problems and now we have 3 same problems in one week...

OS XP, Win7 x64 and unknow win7

[ady4um]

Could you please attach a little screen shot of avast message? ("Attachments and other options" to the left of "Post")

[CZEskymak]

I have no avast message, when centred try login on server, connection is cut off (or is cutted off second after login) - i got error message in server console and centred dissapear (crash but without any error or message). All users have same problem.

[ady4um]

Just for a test, could you disable avast's autosandbox and try again if the file is still blocked?

Moreover, first add an exclusion for the file to autosandbox, and then in addition disable autosandbox (yes, sounds unnecessary but...)

[CZEskymak]

Yep, file isnt blocked when autosandbox is disabled.

edit:
Probably same result as with an exclusion and enabled autosandbox

[ady4um]

Yes, it would be better to add an exclusion to autosandbox and leave it active / enabled.

The other possibility I though about was deleting firewall rules related to avast and rebooting. The rules should then be re-created correctly (avastsvc.exe, avastui.exe and avast.setup with a variable path).

Anyway, glad you have your answer.

[EDIT]
It could be useful to send this to avast labs, so they could potentially avoid this "FP" (well, not exactly FP, but "suspicious" for autosandbox).

Use http://www.avast.com/contact-form.php?loadStyles
[/EDIT]

[CZEskymak]

You mean windows firewall? There are no Avast records/rules.

What you think about the same problem on machines, that run non-Avast antivirus?

Thanks

[ady4um]

You mean windows firewall? There are no Avast records/rules.

What I meant was that if the autosandbox would not solve the problem, then similar behaviors as the one you described are seen when updating security tools, like avast. Like "suddenly I can't browse with Chrome / FF / IE..." and those type of problems. Then by deleting old (seemingly working) rules, it forces the firewall to ask again for permission and re-creates them anew, "really" correctly.

It seems that sending the file (or link to it) to avast (and for now adding the respective exclusion to autosandbox) would be enough for your case.

Sorry for adding confusion .

What you think about the same problem on machines, that run non-Avast antivirus?

Sorry, sincerely, no idea. If I had to guess, is also something of the same sort. Either some firewall rule to be re-created, or some "heuristics" feature (as in avast, behavior shield / autosandbox).

[CZEskymak]

Ok, thanks you again for help.

Your message has been sent

Thanks for contacting avast!. We will reply very soon.