Minimizing False Positives with Avira Antivir?

Discussion in 'other anti-virus software' started by hutchingsp, Nov 1, 2009.

Thread Status:
Not open for further replies.
  1. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    I'm currently trialling Avira Antivir in a very diverse corporate environment.

    I've had a few things that are, for our use, totally legitimate get flagged as infected, such as jmail (a common emailer used on website backends) and various .exe's based on the "packing type".

    To those of you using Antivir, what settings have you enabled/disabled to minimize the risk of this whilst catching as much genuinely nasty stuff as possible?

    I like the product so far, but have concerns that I could be spending a long time adding exceptions or submitting false positives to Avira.

    Any advice appreciated.
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,220
    If you have "Advanced Heuristic Analysis Detection" set on High level, I'd use Medium (default level), and keep testing on low, or disable it altogether.

    Unfortunately, a high detection rate also means the possibility of FPs, so if in doubt you can set the guard and the scanner to automatically copy the file to quarantine before any action is taken.
     
  3. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Are you using the free or premium version?
     
  4. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Professional version.

    I have heuristics on low as I've already encountered a few FPs; it was more whether there are any other settings that are suggested/recommended but not obvious.
     
  5. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    About false positives with Avira: when submitting a file to Avira, how long does it take Avira to correct the false positive?

    I submitted, 2 days ago, a few files from Business-in-a-box which were detected as trojans and they are still pending?!?!?!
     
  6. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Doing well so far. Had one client that seemed to have infections detected by Trend, so I used that as a guinea pig, installed Antivir, did a manual scan and picked up two things that Trend appeared to have missed.

    Also had one chap do a manual scan and it detected "Malware 'TR/Spy.Banker.Gen' [trojan] was found in file 'C:\WINDOWS\SysWOW64\msindc.dll'."

    If I google msindc.dll I don't see any legitimate reference to it so good on Avira, **** on Trend.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I had two false positives this weekend (Avira security suite). I submitted them and today they replied that those were indeed false positives. After running a scan with updated definitions, my system was clean. :)

    Corporate environment or not, I don't think it's a good idea to set the heuristics at lower than medium. I mean, there is a point when it just stops working. Avira doesn't have a HIPS, sandbox or anything like that, so you just have to rely (mostly) on the signatures. And signatures and heuristics are not separate; it's a complicated subject.
     