AutoMathEdit

FALSE POSITIVE

One of my AutoIt compiled executable files has been working for ages. I need to use it now. Restoring from the Avast Virus Chest and adding it to exclusions is not working. The file is restored but deleted again when I try and run it. The file was not flagged yesterday. Is there something I don’t know, or is this a bug in Avast? Please help, I need both access to the internet and to be able to use my software. But how? I’m not sure if I submitted this file previously or not. It hasn’t been flagged for at least a year (Edit - I know this for certain).

Because Avast tends to flag most of the programs I write, I have to keep asking.

There is a direct link to the file (an earlier version) in this forum thread (for those who are suspicious).
http://www.autoitscript.com/forum/topic/142184-automathedit/?p=1066567

EDIT
I thought it had been tested previously:
https://www.virustotal.com/en-gb/file/2d7267265f42663c4a26364845cb6e126d411c10ec3b009bfbdea0a047e8f01d/analysis/1379195115/

https://forum.avast.com/index.php?topic=134788.0
But I am wrong about this. It’s an unreleased alpha version 0.0.0.8.

This is a regression. Why does ‘Restore and Add to Exclusions’ not work?

Incidentally, right clicking and scanning the file says ‘No threat found’ - it’s only when I try and run it that Avast File System Shield pops up and says it’s Win32:Malware-gen. Rubbish, it’s a text editor.

https://blog.avast.com/tag/false-positive/

Thanks for the response. I didn’t realise I had to restart my computer for the exclusions to come into effect. I have just figured this out. The moment you make modifications, some notification would be a helpful feature for users of Avast. It’s the standard model - changes will come into effect after you restart your computer, OK, CANCEL etc. Meanwhile I’ll wait and hopefully the report will be processed.

I’ve read some of the blog now. There’s some interesting information there. From my perspective it’s a little too specialist - I just write simple programs. I submit the ones that throw false positives but struggle to understand why I need to exclude a path instead of a set of hash values: every program I create is a portable executable.

Strange that you needed a reboot.
It should work instantly.
Next time see if shutting down the shields and starting it again works.
I’m wondering if that will work also.

I tried a number of things including Disabling All Shields. The only reason I rebooted was because one of the shields didn’t seem to want to become active again after I tried a certain sequence. After rebooting, I discovered that the exclusions, which were listed in Avast earlier, had come into effect and that all shields were active again.

Thank you for this information.
It can be helpful to other people.

You’re welcome! :slight_smile:

A little more info: win7 x86 fresh install + updates (about two days ago).

This is unreasonable. I have waited four days since submission. If this was a commercial program I would probably have lost all customers using Avast by now. False positives have two sides.

  1. You can rest assured that global blocking of all suspicious files is reasonably safe.
  2. Continually throwing false positives with the same developer’s programs, without bothering to fix them, is insulting, disrespectful and intolerable. There has to be a better way to resolve these issues within a reasonable time frame.

I apologize for my rant above. I can see why my comments have been ignored. I’m more sad than angry right now. At one time, when I submitted a false positive it was fixed the next day. Perhaps there’s a problem with the Avast program’s submission feature. Avast always asks to send the file for analysis and I do - sometimes once, sometimes twice. Last time it seemed to take about five attempts and well over a week, although I didn’t only do it using the Avast program - I also used an online form pointing to a web link. Perhaps that has something to do with it.

At least Avast isn’t deleting all my AutoIt programs, so I shouldn’t be so upset as I was previously. It’s just a pre-release alpha, but it’s been on my old XP machine for quite some time and Avast was fine with it until recently. I use this program all the time for quick tasks instead of using notepad.

I have submitted the executable file for a third time using the Avast user interface. I added contact details, and all relevant information. I expect either to hear by email why this has not been attended to, or I expect the fix to occur within the next two days. If neither of these two things happen, then I assume that the Avast program submission process is broken. If this is not the case then I can only draw one conclusion; but I will once more give Avast the benefit of the doubt and try the online form submission process. If that works, after this final attempt does not, then someone needs to fix the problem with the Avast program submission routines. I know there are bugs in Avast but my discoveries are only a consequence of trying to solve problems I encounter from regular use. Don’t make me publish my findings please!

After this has been resolved I would like to discuss the possibility of improving your submission process. It needs it, big time! I am prepared to invest my time and effort to try and help you sort this out. It’s a total shambles.


Anyone pondering what this is all about should not only read the above link posted by Eddy, but also read the link below.

http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/

It makes a fascinating read. The following quote was one of the first to catch my eye:

>Of course I also firmly believe most of them intentionally jack up the false positives (affecting primarily small developers) so they can boast higher detection rates.

Nope, a high percentage of false positives is a sign of low quality. All popular antivirus tests check that and count it into their rankings (not that those are absolute and objective).

It’s not intentional, just the way things work when it is hard to tell apart malicious code from legit.

Interesting perspective. I like the way this guy responds with… Nope it’s a matter of fact! Brilliant! :slight_smile:

At this point, I can only assume that FP submission from quarantined items is not working. There are also other plausible explanations as to why nothing has been done to fix this false positive nine days after first submission. I’m sorry but it is a shame that I have to be labelled the writer of a virus, which happens to be nothing more than an unreleased alpha version of the text editor I mentioned earlier: also flagged by Avast previously.

Since I have no plan on distributing this particular version, the problem may only affect me personally. However I have every intention of updating and releasing an improved version in the future. It is therefore of paramount importance to me that I not be wrongly accused of distributing malware. What is the problem with the submission process or fixing this?

Have you tried to report it here? https://support.avast.com > avast virus lab

Since I intended to test the program’s submission routine first, I have avoided doing so. I never seem to have much success with submissions from the virus chest. I will use the web submission next. Thanks for responding Pondus. I’ll leave it until tomorrow now because I’m too tired ATM. BTW, I don’t remember if I used UPX when I compiled my program - it’s a default setting with AutoIt which can be turned off. Doing so might degrade performance slightly, but it might also help with Avast.