Starting today, Avast keeps popping up “VIRUS FOUND” boxes for DLLs in my C:\Windows\assembly\ directory as a Win32:Evo-gen[Susp]
(once again a great case for an “ignore file” option)
What’s the best way of preventing this? I’m fairly certain that the file in question is OK (it’s part of Telerik WinControls) but I can’t upload it to VirusTotal to check because of the nature of the directory and whatever ‘virtual’ structure Windows uses to display it.
I don’t really want to add an exclusion for the entire assembly directory as this would prevent detecting any real future viruses within, and adding a new exclusion for every single pop-up has already become more than tedious today…
I have reported some of the files as false positives but of course this does little to deter further pop-ups at the moment!
Good Morning Pondus, Eddy, thank you both for your replies.
Actually not what? ??? As mentioned I’m fairly certain this is is not a virus although it may indeed be suspicious - as an addition to the .NET framework it is probably considered non-standard and placed into, or calling into, parts of the framework not normally expected - it is the Avast pop-up that is entitled “VIRUS FOUND” in all caps like that (or may be it’s “VIRUS DETECTED”).
I reported using the link “Report as false positive” in the aforementioned pop-up. Is that incorrect? Is using the web forms you’ve linked better?
It does? the drop down on the pop-up lists: Fix automatically, Move to Chest, Repair, Block and Delete. as far as I can see it does not list Ignore or No Action as an option.
Although I do see “No Action” listed as an option for some events for some scan types in the settings (e.g. File System Shield Settings->Actions->Virus|PUP|suspicious) I don’t see how to enable these actions for the pop-ups. Is this possible?
TBH I’m not exactly even sure what scan it is causing the pop-ups. I would have guessed at the file system shield, but as just mentioned in my example there are options available in the settings for that that do not show in the pop-up…?
I do appreciate that Avast is a free product so normally I wouldn’t post at all, I would just hit the report as false positive link instead, as I initially did with this (check my forum profile I have a total of 5 past posts over 4 years, only one of which regards malware detection). But with these popping up with an increasing frequency since yesterday mid-morning it is becoming more and more of a nuisance and preventing me from doing actual work… just as a virus would. This is why my question was what can I do and by mentioning ideas I had already considered about exclusions. If the answer is “nothing more” then so be it I guess.
