AV Comparatives File Detection test for September 2014

Discussion in 'other anti-virus software' started by nine9s, Oct 15, 2014.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    In previous File detection test (March) they also had 95 FPs. So it might not be "one time" result.
    OTOH they have no FPs in Real-World protection test. I guess test sets are different in both cases.
     
  2. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    That's why I put it in quotes, but you are correct on that.

    What amazes me most is the number of false positives and I believe the Bitdefender engine is not to blame this time.
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    But it seems they are not interested in being tested ...yet.
     
  4. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Frankly, I only care about real-world test results... Because if in the last file detection test it also had so many false positives, then a testing methodology is apparently flawed or it plain doesn't like avast!'s protection system. Because in real-world one it never had more than just few FP's if at all. And real world is what users actually encounter. I don't think they use different false positive sets, it's just that antivirus apparently works in different conditions in one and another test.
     
  5. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    We use completely different clean sets (one is based only on files, the other one URLs [much smaller set]).
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    What exactly is the purpose of using different sets and making FP comparison between tests irrelevant? One test says avast! had zero FP's and another one said it had crazy high number. When such thing happens, my response would be, make up your mind already?! You can't accuse it in one test to be absolutely flawless and in other one absolutely horrible. Because that makes little sense if target of both are false positives.
     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Interesting results...;)
     
  8. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    I don't think it relies on the test methodology. I also don't give much on on-demand file scanning tests: but if a product wrongly detects a high number of clean files (f.e. setups from pc magazine DVDs etc.) while scanning then the product is somehow crappy not the test.
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    And who does on-demand scans of magazine DVD's these days? It's 2014, not 1993... Clearly, if the rate was so severe I'd spot more than just a single false positive in all these years. Yes, I actually had to report just 1 false positive few days ago. Before that, zero for like 6 years. And I shuffle quite a lot of programs and even weird stuff that others, particularly AVG or god no Comodo are so trigger happy on them.
     
  10. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    You can find the same files online. People download freeware, scan freeware and so on. I see it not as unrealistic.

    Beside the setting: When clean files are flagged as malicious it is a false positive. Others had less problems to detect what is clean. POINT
    And your experiences can't confute this result and it's quite unfair to call a test flawed only because your favorite AV had some problems in it.
     
  11. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Even if they get tested like last time*, it will probably only be with one of the older products.

    * https://www.wilderssecurity.com/thre...eport-march-to-june-2014.366154/#post-2392235
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Here we go with the "your favorite" bullcrap again...
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Our company was selling Avast until last year to our customers and I don't recall many FPs also. The problems our customers had (and consequently did we) was with Avast's DeepScreen and Sandbox. It would sandbox legitimate programs (unknown to them), preventing them from running correctly. When we had more problems with AV than with viruses it was time to change the AV.
     
    Last edited: Oct 16, 2014
  14. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Sorry, shouldn't sound negative, but no other objective arguments I can find in your argumentation.
    test result: many clean files were detected as malicious.
    Not good for Avast is an objective observation, test is flawed is yours. Why?
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    I think the basic flaw resides in the methodology chosen to select common programs for false positive tests as it seems not to reflect sufficiently the real world out there. Raising the thresholds for this selection could help focusing on real flagrant cases.
     
    Last edited: Oct 16, 2014
  16. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Auto Sandbox was a bit problematic but DeepScreen, unless the application is continuously morphing, it will not repeatedly scan it. And the execution is now transparent unlike with Auto Sandbox. Hm.
     
  17. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    To be honest, I would not base my opinions of any product on this result (unless the score is just too low).
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes our proprietary applications get updated usually 2-3 times a month, average user using 5-10 different apps. There were problems after each update so we had to disable (or uninstall) those advanced tools on their Avast installation. After each program update those tools were installed again... :mad:
     
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    As an MSP controller, one of the first things we do when we find machines with Avast, is to remove Avast. For similar reasons you indicate, but I am not into bashing products, just stating our procedure, not necessarily the reasons, or methods we determine what is best, but it's based on close to 35,000 machines we monitor.
     
  20. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    same here. i do like avast but i have seen the same types of things you mention. besides them turning it into a "kitchen sink" av (imo). otherwise i can not say anything actually bad about it as an av it does perform pretty well for that.
     
  21. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    DeepScreen can be excluded using * as far as i know (can't test it right now). You'll face same problems with other AV's that utilize cloud and reputation services. The stuff you'll compile in a company will not be seen by anyone else in avast! cloud to declare it safe so it will get DeepScreen checked every single time unless if you exclude it from that folder entirely.
     
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's not exactly true. Norton (Insight+Sonar), Trend (DS), and Fortinet(Forticloud) don't give us these kinds of problems at all.

    When you are dealing with mission critical systems, corporate systems, and systems in infrastructure types of environments you can't be dealing with hundreds of false positives, or DeepScreen mis-classifications otherwise you risk damaging the systems, or preventing day to day operations.
     
  23. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    One thing is DeepScreen "screening" it and one thing detecting it and quarantining. Not the same. You can also entirely disable just DeepScreen and leave everything else fully operational.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    We are currently using and promoting Panda and we did not encounter such problems so far. I have Avast installed on two machines at home and I like it, but for professional use I would not recommend it to others. After 4.8 version we and our customers experienced just too much trouble using it. We have had this kind of problem only with Avast, MSE (which corrupts ISAM databases on regular basis) and F-Secure (apps have to be manually allowed to run after each update). With other AVs we didn't experience any problems...
     
  25. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    That's really sad. They should improve their signatures instead of adding useless tools and other crap to their AV. :( I think it's time to replace Avast ...
     