HonzaZ
5
Hi all,
This is a very delicate issue. Evogen technology is based on similarity of files, and the detections are released automatically. The technology has its very strong point, as it can detect files that have not yet been spotted by any antivirus, and therefore can predict “maliciousness” of new samples. While this technology is VERY successful, it also has rather more false positives. This is, however, not due to the detections being worse, but due to the fact that there are many more of them. We recognize the issue we are currently hearing from our users, and trying by every means to improve the situation. The technology is so advanced, though, that having fewer false positives can now be achieved only by having fewer detections, which is not the path we want to explore. I am sure, however, that Evogens will gradually get even better, as our cleanset is populated with samples that users believe are cleaned.
In the meantime, there are two options:
- Submit every false positive sample to our viruslab (by the “report a false positive” button in the warning), or
- Turn off Evogen detections completely. (You can do this by setting “DisableEvogen=1” in “[Scanner]” section of avast’s .ini file.) Keep in mind that this action should be taken as a last resort, as you would be effectively cutting some of avast’s means of fighting with malware, and only in situations where you are hindered at work (as ncs_sniper reports).
That’s it, I hope I explained myself a bit:-)!
Honza