I checked the file on Google and the file belongs to Superantispyware, a legitimate company. I uploaded the file to http://virustotal.com and http://virusscan.jotti.org and they did not find anything wrong with the file. Is it a false positive with Avast heuristics?
Simple answer, yes, it’s a false positive.
Less simple, heuristic detection (by any program) is more likely to report a legitimate file as being a possible threat, because of the expected or projected behaviour of that file. (Don’t ask me how Avast makes this determination.)
This especially seems to be true of security software, I think because good security software has the ability to access parts of the file system not usually accessible.
Superantispyware has a feature called “DDA”, for Direct Disk Access.
I suspect the driver for this is what’s being flagged.
So, if this file belonged to something else, the suspicious behaviour would definitely be a cause for further investigation.
Not really a “False Positive”, more a genuine and valid detection that in this case proves harmless.
Whilst this is a valid file, I have SAS Pro installed and a) this service isn’t running, b) there is no detection by the Avast anti-rootkit scan, obvious I guess since it isn’t running.
Now I don’t know what version of SAS you have, free/pro, or why this might be running on your system but not mine?
It may be that your SAS update happened to coincide with the Avast anti-rootkit scan 8 minutes after boot (or why it would be a hidden service)?
I have just initiated an SAS update and it is progressing, but a) no detection by Avast and b) no sasdifsv.sys running.