Avast 5.0 Love To Produce FP's?

Discussion in 'other anti-virus software' started by AvinashR, Feb 26, 2010.

Thread Status:
Not open for further replies.
  1. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Hi

    Kindly do ignore my comments if i am doing any offense...But i can not able to resist myself to utter my words here.

    I installed Avast AV Pro 5.0.418 today, after installing it, i did a full scan of my system, after an hour when i came back i found that my Virtual System's snap shot was deleted by Avast 5.0 under the tag of Win32:Alphabet-D [Trj]

    I lost my VDI file and this lead the corruption of my Virtual Machine. Even i found one amazing thing on their forum, one of the user also reported that his VMWare Virtual Machine's snap shot under the tag of Win32:Agent-COH [Trj] with "High" severity.

    Now i wonder why Avast Love to produce so many fp's. Even i asked their customer support about this and they asked me to upload my snapshot on virus total...Hope one day VT increases the limit of file from 20 MB to 2 GB... :D :D
     
  2. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    The day avast! 5 came out, it was reporting TeraCopy as malware. That issue has been solved. Every anti-malware produces FPs. To some extent, the perceived difference comes due to the difference in the popularity of the files being detected as FPs. More popular the files, more reputation damage for the anti-malware. BTW, have you kept the option - 'Remove entire archive if file cannot be disinfected' checked by any chance?
     
  3. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Actually i have changed all my settings...that's why the snapshot has been deleted
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Isn't it typical for a modern av to report things like "Suspicious: Probably TrojMalw.PACKED.AsdfBlah.6574567.Heur.DNAOrigin-GEN" and after this comes an alert that the file cannot be removed. :D

    seriously, I've also reported many false positives with avast5 but usually they are malware-gen, trojan-gen, adware-gen or something -gen
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Even i reported them and you know what they asked me to upload the file on Virus Total, when i told them that my VDI file is of 1 GB then they said that probably the file was infected...o_O o_O
     
  6. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    428

    Their support is very unprofessional and even rude.

    That's why I uninstalled paid Avast! Pro. :ninja:
     
  7. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Can you show me the thread in their forum where they said it was most likely infected?
     
  8. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Today i have un-installed my NIS 2010 because of their faulty update which lead my Norton IS files corrupted. After the update my system immediately rebooted without any warning, and after the reboot Norton start behaving differently. Even its tray icon was missing and its Intrusion prevention was not working properly. So i removed it and installed Avast AV 5.0 with Online Armor.

    But my tough luck, i have lost my snapshot files even my sandboxie is not working properly....I don't know why everything is start behaving like crazy applications...without any devil (Virus)
     
  9. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I have send the mail to them but due to unprofessional reply i have deleted that mail...But yep you i can show you where there people suggesting someone to upload the file....

    See the trailing link:-

    http://forum.avast.com/index.php?topic=55556.0

    I guess Avast is behaving like crazy AV...They are detecting Virtual Machines snapshot as Trojan...In my case it was Win32:Alphabet-D [Trj] and in the above case (Linked Case) it was Win32:Agent-COH [Trj] ...

    Even you can see that its not a generic detection, it is totally based on signature database...
     
    Last edited: Feb 26, 2010
  10. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Microsoft also released a buggy engine release to MSE causing errors so Symantec is not the only one with bad updates.

    Back to Norton, I read about the buggy release on their forums and how it was causing issues. I never like when app's do that. I have had a few of those buggy updates come from previous AV's I have used.

    Back to Avast, PM VLK and ask if it's ok if you upload it to their FTP server. Should be plenty of space at the FTP.
     
  11. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Even you can not imagine that i have spent my whole day to sort out the issue, and still it was not solved out..

    Secondly, i cannot upload that file because of two reasons, first my broadband was not as fast as you guys have and second, the files was deleted by Avast, because i have configured it in that way...

    Bad Luck Of Mine...:'(
     
  12. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Umm my Broadband is slow also...... it takes me 30 min's to download Threatfire. Make sure you change your Avast! settings if you install again, if a huge FP went through it would badly mess up your machine.
     
  13. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    drive back up/imaging or even something like rollback rx/CTM would have saved you a lot of hassle...
     
  14. Logos

    Logos Registered Member

    Joined:
    Dec 3, 2009
    Posts:
    41
    1 what's wrong with uploading to Virus total ? it concerns very small files most of the time and your case was an exception
    2 the person who answered you on Avast forums is a user, and a very helpful one generally, and he doesn't belong to the Avast team. There may be a lack of support from Avast on their own forums, but some users (including the one who answered to you), do their best.
    3 as to the associating Avast 5 with FPs, that's bs. There's been an incident (and a bad one), back in December (or November I don't remember exactly), and this sort of incident happens to 99,99% of AV companies once in a while, unfortunate, but apparently unavoidable: once in a while, ie may be once every two or three years. I agree never would be better, but again, Avast 5 is not particularly FPs oriented OK ? ;)
     
  15. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I'm really surprised with it. The fact is that I have never contacted them for anything. Hearing your story is at least concerning.

    What happened?
     
  16. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    428

    Their replies are automatic, like bots. They asked same things many times.
    I filled ticket details and told my setup and problem, got reply from "technician" asking same things I just submitted.

    Their forum is like mine field, thousands of questions which are unanswered.
    Too messy for me.
     
  17. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Mostly because no one ever uses search and they just flood the forums with questions. No one can keep up such quantities of questions and properly investigate each and every of them.

    As far as the infection is concerned, the virtual machine images are in fact just massive archives, containers. If something got inside of virtual machine, avast! will detect it inside VM image, because it an unpack it and scan its content
    So, really, it's up to you to check it out. Unless this can verifiably be reproduced on clean install virtual machine image.
     
  18. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    It was detected on a clean virtual machine's snapshot...Secondly, my virtual machine is also protected by Avast free, so i don't think so that its really infected.

    Last but not least i have no intentions to flood the forums with stupid questions..I always do research and investigate each and everything properly then i came up with questions.

    And discussions on good questions always productive in some manner.
     
  19. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    if anything i got WAY more fp's with norton then with avast 5 to be honest
     
  20. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I have never faced any fp's with Norton, but yeah i do agree that SONAR-2 is way too sensitive..but with Avast 5, its different.
     
  21. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    I once had a FP from SONAR2 on WinRAR but it was fixed very fast.
    Better a bit more sensitive than no detection at all.
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, if it was on a clean system, tell us exactly what softwara was used.

    - exact virtual machine program name and version
    - OS used on your computer (version and all service packs)
    - OS used in virtual machine (version and all service packs)
    - what software exactly was installed inside that virtual machine (names and versions)
    - is the problem reproducable (this is the most important thing, can you reproduce the issue more than once using the exact same conditions)

    If the last step is possible, write down all the steps exactly with all the info required. Only this way, ALWIL guys can trace the issue.
     
  23. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    1. I have used VirtualBox (Latest Version)
    2. My OS is Windows 7 Ultimate (x86)
    3. OS used in Virtual Machine:- Windows XP SP-3 (Updated)
    4. Software installed inside Virtual Machine:- Avast 5.0.418, and CC Cleaner

    I can reproduce the issue but it i don't want to reproduce this because it will take my 2-3 hours...
     
  24. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    on 9 machines the only fp i have had so far from avast 5 has been a puran defrag installer but it was fixed quickly in the next update and i have not seen it since. other than that i have yet to see a fp from avast 5 again on 9 systems i have it on
     
  25. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Yeah it is quite sensitive it once flagged avast removal tool(new one) as suspicious threat:ouch:
     
Loading...
Thread Status:
Not open for further replies.