AVG anti-virus software mistakes Windows system file for a trojan

I hate when that happens to Windows files, but it's an occurrence we're going to have to live with with these programs. Another solid reason for having backups.

 

This is very important. I also find it equally important to set your real-time protection to not automatically deal with detected files, instead have it set to ask you what to do with it. Imagine if this was Bitdefender Free Antivirus

 

Or, another reason not to have them (antimalware apps).

@ Antimalware18

According to BitDefender team member, it won't delete system files.

 

AVG seems to be notorious at detecting system files as malware. If it happens once, fair enough, no one is perfect. But this is what, second or third time with AVG? They should know it better by now...

 

Didn't it do so in 2010? On 64-bit Windows, it either deleted or quarantined all systems files when they ran, resulting in blue screens and not able to boot in either regular nor Safe Mode. Many people had to re-install their systems.

Based on reading old Bitdefender forums, Bitdefender was actually paying people for their trouble (I imagine their attorneys told them to do it.)

Edit: here is to what I was referring: http://www.tomshardware.com/news/bitdefender-64-bit-vista-xp-trojan,9948.html

I had BitDefender Internet Security in the Bitdefender Store basket, after coupon, for $11 a few weeks ago. But I did not finish purchase after reading those 2010 reports and then searching for names of many of the latest games and Bitdefender in a search to find message after message stating such and such game was being stopped by Bitdefender. These were wide-scale commercial-released games, and in pretty much every one of those games, players had problems with Bitdefender for first week or so and then periodically after updates and patching of the games.

 

I second that, even if AV companies disagree!

 

False positives.All antivirus software have them.Nothing new here.

 

"AVG anti-virus software mistakes Windows system file for a trojan"
.... This is not "normal FP"..............

 

I don't actually follow the mistakes these folks (antimalware folks) make, so I got no idea how many times any of them screwed up systems. But, recently, due to the concern of BitDefender Free AV automatically deleting/quarantining files, a BitDefender member mentioned that it has mechanisms to prevent it from deleting system files. Whether or not that happens, I got no clue.

 

I absolutely agree with you but windows files can be manually excluded from scanning so you can protect your files that way.
But windows files can become infected themselves and subject to malware analysis.Sure we can exclude them but we may also be excluding hidden malware.
Sometimes what we consider a FP may in fact be a genuine malware within a windows file so there are several ways of viewing this.

 

What would be the expected behavior when the user is not logged in and hence not around to respond to the alert. Should the antimalware let it go ? or remove it right away ? Sometimes a go/no-go decision is require right away and can't be postponed.

 

All security software makes mistakes - either false negative or false positive alarms. But fact is some make more mistakes than others. And some make little to practically no mistakes. If you use Microsoft security solutions - you are very unlikely to see false positive alarm especially on Windows/Microsoft files. They perform very in-depth testing before relesing update an follow extremely strict rules re. this. Additionally, big vendors such as Symantec, McAfee generally take more precautions when releasing updates (especially for their business/enterprise customers). My recommendation I do is to stick with bigger reputable company and your problems with FPs are less likely to occur. AVG is far too small player in the industry, with less people and with less resources and the chance of FP is higher than with any big and more reputable player/vendor.

Additionally, other than just AV - there are other security measures that should back-up both against other attacks and against other measure's failures (e.g. back-ups - archives - that can be used should the AV/FW/HIPS/IPS,etc fails to protect or makes a mistake).

 

Isn't this like a monthly thing for AVG now?

 

These kind of occurrences reaffirms my belief in at least having an option (even if it's not the default) whereby the user can set it to ask for decision once something is detected. Although it is not applicable for all computing environment (with AV installed), at the very least it's a useful option to have for those who value their decision (and be responsible for it in case of wrong decision) over an AI.

 

New AVG Proactive Malware Defense. Nuke the OS so it doesn't boot = no more future malware issues.

 

Haha.. well you can't ask for much from Free software. You get what you pay for!!

 

**This**

 

Sorry but this is utter BS. Ppl always say ugh oh its free what did you expect. Where do ppl get such idiotic conclusions?

AVG Free is just a part of programs where other editions share the same core but are paid versions. So, if what you say is true, paid versions are what, worthless? It's the same with others. avast! has exactly the same core for Free or Paid versions. We all know how good avast! was in tests and they trusted their Free version so much, they were the only ones constantly sending Free version for testing against Paid programs from other vendors (AV-C, AV-T).
In which case you are getting twice as much as you paid for, because you haven't paid anything at all, yet you are still getting top class software.
Only that isn't exactly the same is AVIRA where free lacks the ProActiv module and may show differences.

And as for the paid gems, McAfee also made critical mistakes that made systems unbootable. They don't have any free version, so what should we think about that? You paid and got the same flawed program as you would with free (which was free and didn't cost you anything). See? That analogy just doesn't work and free programs can in fact have much higher value than any paid program. It's just that ppl still have a completelly wrong perception of quality between paid and free products.

 

Instead of implementing tuneup and registry booster they should focus on whitelisting important files!

 

No. Solution is more money => generally more resourses => better developers => better service & more resourses to spend on the quality of virus lab and pre-testing.

 

And a change at the top Arrogance doesn't help.

 

I second this. I see no need for a home user to pay for antivirus software.

I couldn't find the post on Avast's blog just now, but they had a similar issue with false positives a few years back, and after that they put in new measures to test new definitions before they are release to the public to ensure a similar situation does not happen again.

 

Exactly, whitelisting helps in reducing & protecting from FPs.

I am using Comodo Internet Security for the same reason. Previously it use to give FPs, now Comodo has improved a lot & fewer FPs like any other AV. But it never detected any system files as FPs here. Trusted Files/whitelisting approach is good & helps reducing FPs & protecting system from blunders like system files as FPs.

 

They haven't improved. They fixed some FP's but those that are detected now take freakin ages and still going, if you report it through the program. It's pointless and stupid.