Prevx alerts on Hitman Pro and avast

[Page42]

I've grown used to Prevx telling me to remove avast files as threats. I wish it was otherwise (meaning I wish Prevx would check for new program versions of avast and make sure they didn't call the new drivers threats), but that doesn't seem to be happening. My Detection Override feature has about 13 avast files in it currently.

Also had Prevx alert on Hitman Pro just now, per attached images.

By the way, these detections all occur when scanning with Hitman Pro.

[Triple Helix]

Your Program Age Heuristics settings are set to high try setting to medium!

TH

[Fajo]

Quote:

Originally Posted by Page42

I've grown used to Prevx telling me to remove avast files as threats. I wish it was otherwise (meaning I wish Prevx would check for new program versions of avast and make sure they didn't call the new drivers threats), but that doesn't seem to be happening. My Detection Override feature has about 13 avast files in it currently.

Also had Prevx alert on Hitman Pro just now, per attached images.

By the way, these detections all occur when scanning with Hitman Pro.

I have Avast 5! on one computer and Prevx (Paid) Running next to one and other and I have not had any issues with it flagging the files. Avast 4.8 tho I don't know about sense I do not use that version on any of my computers.

[Page42]

Quote:

Originally Posted by Triple Helix

Your Program Age Heuristics settings are set to high try setting to medium!

It probably is heuristics, TH, but I'm a cake-and-eat-it-too type of guy. I like the heuristics cranked up and I don't want the fp's that go along with the territory. Thing is, these detections, as noted, only happen when scanning with HMP (and Prevx enabled). That's the weird part. Plus, I must say, even with heuristics set to max, I still would like to see Prevx ignore avast driver files.

[Page42]

Quote:

Originally Posted by Fajo

I have Avast 5! on one computer and Prevx (Paid) Running next to one and other and I have not had any issues with it flagging the files. Avast 4.8 tho I don't know about sense I do not use that version on any of my computers.

Yes, v4.8 here. With avast 5, are you running Prevx heuristics maxed out, with Apply before Age/Popularity detection?

[Fajo]

Quote:

Originally Posted by Page42

Yes, v4.8 here. With avast 5, are you running Prevx heuristics maxed out, with Apply before Age/Popularity detection?

Everything maxed. If you want PM Joe the files that keep changing I'm sure he could white list them or have a look how to get them not detected anymore.

[Page42]

Quote:

Originally Posted by Fajo

Everything maxed. If you want PM Joe the files that keep changing I'm sure he could white list them or have a look how to get them not detected anymore.

Do you have HMP onboard? If so, try running a Hitman scan with Prevx enabled.

As for Joe having a look, yes, that's an after-the-fact thing to do, but once I have them listed as trusted, it doesn't matter anymore.

What I'd really like to see, and I don't know why it isn't already happening, is for Prevx to be on top of these avast driver files, by whatever method they use to check on well-known and widely used security programs, so that fp's aren't constantly happening every time a program update takes place.

I really don't want to come off as a complainer. I just don't understand why even with heuristics set high, Prevx couldn't be more out in front of these avast files. It's like they are way behind the curve on these things.

[PrevxHelp]

Quote:

Originally Posted by Page42

I really don't want to come off as a complainer. I just don't understand why even with heuristics set high, Prevx couldn't be more out in front of these avast files.

The problem with drivers in particular is that once they've entered the system, they essentially have free-reign and can do as they please, therefore, we have heightened heuristics against them, especially for ones that access the system in the manner that AV software does (which is identical to that done by rootkits).

As suggested, it might be worth sending over a scan log - I'll see if we can add dynamic whitelisting in particular for the Avast drivers, but we tend to be very weary for cases like this.