Avast 5.0 Love To Produce FP's?

Hi

Kindly do ignore my comments if i am doing any offense...But i can not able to resist myself to utter my words here.

I installed Avast AV Pro 5.0.418 today, after installing it, i did a full scan of my system, after an hour when i came back i found that my Virtual System's snap shot was deleted by Avast 5.0 under the tag of Win32:Alphabet-D [Trj]

I lost my VDI file and this lead the corruption of my Virtual Machine. Even i found one amazing thing on their forum, one of the user also reported that his VMWare Virtual Machine's snap shot under the tag of Win32:Agent-COH [Trj] with "High" severity.

Now i wonder why Avast Love to produce so many fp's. Even i asked their customer support about this and they asked me to upload my snapshot on virus total...Hope one day VT increases the limit of file from 20 MB to 2 GB...

 

The day avast! 5 came out, it was reporting TeraCopy as malware. That issue has been solved. Every anti-malware produces FPs. To some extent, the perceived difference comes due to the difference in the popularity of the files being detected as FPs. More popular the files, more reputation damage for the anti-malware. BTW, have you kept the option - 'Remove entire archive if file cannot be disinfected' checked by any chance?

 

Actually i have changed all my settings...that's why the snapshot has been deleted

 

Isn't it typical for a modern av to report things like "Suspicious: Probably TrojMalw.PACKED.AsdfBlah.6574567.Heur.DNAOrigin-GEN" and after this comes an alert that the file cannot be removed.

seriously, I've also reported many false positives with avast5 but usually they are malware-gen, trojan-gen, adware-gen or something -gen

 

Even i reported them and you know what they asked me to upload the file on Virus Total, when i told them that my VDI file is of 1 GB then they said that probably the file was infected...

 

Their support is very unprofessional and even rude.

That's why I uninstalled paid Avast! Pro.

 

Can you show me the thread in their forum where they said it was most likely infected?

 

Today i have un-installed my NIS 2010 because of their faulty update which lead my Norton IS files corrupted. After the update my system immediately rebooted without any warning, and after the reboot Norton start behaving differently. Even its tray icon was missing and its Intrusion prevention was not working properly. So i removed it and installed Avast AV 5.0 with Online Armor.

But my tough luck, i have lost my snapshot files even my sandboxie is not working properly....I don't know why everything is start behaving like crazy applications...without any devil (Virus)

 

I have send the mail to them but due to unprofessional reply i have deleted that mail...But yep you i can show you where there people suggesting someone to upload the file....

See the trailing link:-

http://forum.avast.com/index.php?topic=55556.0

I guess Avast is behaving like crazy AV...They are detecting Virtual Machines snapshot as Trojan...In my case it was Win32:Alphabet-D [Trj] and in the above case (Linked Case) it was Win32:Agent-COH [Trj] ...

Even you can see that its not a generic detection, it is totally based on signature database...

 

Microsoft also released a buggy engine release to MSE causing errors so Symantec is not the only one with bad updates.

Back to Norton, I read about the buggy release on their forums and how it was causing issues. I never like when app's do that. I have had a few of those buggy updates come from previous AV's I have used.

Back to Avast, PM VLK and ask if it's ok if you upload it to their FTP server. Should be plenty of space at the FTP.

 

Even you can not imagine that i have spent my whole day to sort out the issue, and still it was not solved out..

Secondly, i cannot upload that file because of two reasons, first my broadband was not as fast as you guys have and second, the files was deleted by Avast, because i have configured it in that way...

Bad Luck Of Mine...

 

Umm my Broadband is slow also...... it takes me 30 min's to download Threatfire. Make sure you change your Avast! settings if you install again, if a huge FP went through it would badly mess up your machine.

 

drive back up/imaging or even something like rollback rx/CTM would have saved you a lot of hassle...

 

1 what's wrong with uploading to Virus total ? it concerns very small files most of the time and your case was an exception
2 the person who answered you on Avast forums is a user, and a very helpful one generally, and he doesn't belong to the Avast team. There may be a lack of support from Avast on their own forums, but some users (including the one who answered to you), do their best.
3 as to the associating Avast 5 with FPs, that's bs. There's been an incident (and a bad one), back in December (or November I don't remember exactly), and this sort of incident happens to 99,99% of AV companies once in a while, unfortunate, but apparently unavoidable: once in a while, ie may be once every two or three years. I agree never would be better, but again, Avast 5 is not particularly FPs oriented OK ?

 

I'm really surprised with it. The fact is that I have never contacted them for anything. Hearing your story is at least concerning.

What happened?

 

Their replies are automatic, like bots. They asked same things many times.
I filled ticket details and told my setup and problem, got reply from "technician" asking same things I just submitted.

Their forum is like mine field, thousands of questions which are unanswered.
Too messy for me.

 

Mostly because no one ever uses search and they just flood the forums with questions. No one can keep up such quantities of questions and properly investigate each and every of them.

As far as the infection is concerned, the virtual machine images are in fact just massive archives, containers. If something got inside of virtual machine, avast! will detect it inside VM image, because it an unpack it and scan its content
So, really, it's up to you to check it out. Unless this can verifiably be reproduced on clean install virtual machine image.

 

It was detected on a clean virtual machine's snapshot...Secondly, my virtual machine is also protected by Avast free, so i don't think so that its really infected.

Last but not least i have no intentions to flood the forums with stupid questions..I always do research and investigate each and everything properly then i came up with questions.

And discussions on good questions always productive in some manner.

 

if anything i got WAY more fp's with norton then with avast 5 to be honest

 

I have never faced any fp's with Norton, but yeah i do agree that SONAR-2 is way too sensitive..but with Avast 5, its different.

 

I once had a FP from SONAR2 on WinRAR but it was fixed very fast.
Better a bit more sensitive than no detection at all.

 

Well, if it was on a clean system, tell us exactly what softwara was used.

- exact virtual machine program name and version
- OS used on your computer (version and all service packs)
- OS used in virtual machine (version and all service packs)
- what software exactly was installed inside that virtual machine (names and versions)
- is the problem reproducable (this is the most important thing, can you reproduce the issue more than once using the exact same conditions)

If the last step is possible, write down all the steps exactly with all the info required. Only this way, ALWIL guys can trace the issue.

 

1. I have used VirtualBox (Latest Version)
2. My OS is Windows 7 Ultimate (x86)
3. OS used in Virtual Machine:- Windows XP SP-3 (Updated)
4. Software installed inside Virtual Machine:- Avast 5.0.418, and CC Cleaner

I can reproduce the issue but it i don't want to reproduce this because it will take my 2-3 hours...

 

on 9 machines the only fp i have had so far from avast 5 has been a puran defrag installer but it was fixed quickly in the next update and i have not seen it since. other than that i have yet to see a fp from avast 5 again on 9 systems i have it on

 

Yeah it is quite sensitive it once flagged avast removal tool(new one) as suspicious threat