Avast detected Windows Update as malicious

Latest Avast Free.

1 update failed on today’s patch Tuesday, believe it pertains to Microsoft.NET Framework. Was put in chest. I cannot remove it, exclude it or anything. Just stays there in the chest.

Win3:Evo-gen (susp)

Please fix it asap! Thanks.

Same thing happened with to me; it won’t allow me to install the update.

Avast detected Windows Update as malicious
no .... suspicious ..... Win3:Evo-gen ([b]susp[/b]) = Suspicious

You can report it using one of these options…you may add a link to this topic in case they reply here

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

Next time, please use Viruses and worms forum section for posting about Virus/False Positive https://forum.avast.com/index.php?board=4.0

you may need to add exlusion http://www.avast.com/en-eu/faq.php?q=exlusion#searchForm

Same here… avast really out did itself this time.

Ant then you know if you look into the results and look under virus, it says “no virus”. Between this and the “threat detected” bug and the numerous bugs that have gone unfixed with the software ever since 9 came out and the serious silence from Avast on any issues and no new versions in a while… and the poor av comparative scores… I really have to start wondering if this software is even doing anything anymore.

In normal situations I would work with this. However this involves an update for .NET 3.5.1 for Windows 7.
The files in the chest are all .tmp files aka unzipped files to be used for the eventual update itself.

So normally good advice to report it as you wrote but this time it involves 51 *.tmp files. Hardly reportable as it is.

Hi CaptainLeonidas,
What does that mean; should we just wait for Avast! to update their definitions?

I am waiting till they (Avast) update their definitions.

Virus Definitions Current version: 140812-0
Program Current version: 2014.9.0.2021

Yes Avast needs to update their defintions… this is not applicable to virus’s and worm’s section… this is a major bug

first option can be used to report without uploading file … and give link to topic, then avast lab is notified

I’ll wait for the definitions update…but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

i would say yes … Microsoft could have waited with the release and you would not have known about them

You’re fine… you should actually be able to just take your computer offline, turn off avast, hit try again on windows update (the files have already downloaded) and it should install correct?

I got this issue too, first time I ever seen Avast mark windows update as malicious

The update can be re-installed.
If it fails to show you can always “trick” Windows into rescanning for updates.

Run → type: Services.msc → Stop: Windows Update service → delete the update folder: C:\Windows\SoftwareDistribution → Start: Windows Update service.
Recheck for update as always.

PS: You will loose your update history

I turned off Avast and ran Windows update it installed fine. Running avast quick scan on it now.

Thanks, dprout69!

Same issue here… which the avast team should easily be able to reproduce if necessary.

Windows Updates (I’m on Win7SP1x64) for DotNet Framework 3.5.1

I believe the specific update was kb2943357 (but it could have been kb 2937610).

The update was placing a plethora (20? 30? 40? who knows) of .TMP files on the hard drive, which were picked up as suspicious EVO-GEN. Avast defs 14-08-12-0

There was no practical way to capture and upload all of these files for F/P testing. There was also NO simple option to IGNORE these files, as I wanted to do (choices included fix, delete, repair, quarantine). Since these were directly from Microsoft Update, I believed they were safe, and wanted to install them.

Basically, I believe/hope I x’d out each of the warning windows… and that doing so would “ignore” the warning, and allow the files to download/install. I’m only hoping I didn’t miss any… Windows Update indicates the installation was successful… but what if I clicked ignore on say, only 39 out of 40? Could that still show as “successful”? Would it be wise to try to re-install the update?

https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

PS: The update is rated “Important” according to: https://technet.microsoft.com/library/security/ms14-aug

Just read your edit. I didn’t realize the update file had already been downloaded, I’ve just been rerunning the Windows Update. I’ll try your suggestion.

Mine shows that kb2943344 is the problem; maybe it varies depending on the computer?