Disabling certain virus definitions

system · 2017-10-04T09:43:48.000Z

I keep getting the trojan match on multiple Excel files: VBA:Downloader-BUO [Trj]

It appears that it’s triggered by a simple http get/post line in the vba scripts. I’ve programmed it from ground up, so chances of having trojans are practically nill. Also no other anti-virus products are triggered by it.

Any possibilities on white-listing certain types of detection strings? Preferably managed over the cloud. Or is my only possibility to flag every instance as a false positive and hope that Avast will make a change on their end? I cannot white-list a location as these files are all over the shared network drive.

Cheers,
Jamie

Asyn · 2017-10-04T10:13:50.000Z

→ https://www.avast.com/faq.php?article=AVKB229#artTitle
→ https://www.avast.com/faq.php?article=AVKB228#artTitle

system · 2017-10-04T11:10:22.000Z

Asyn post:2:

→ https://www.avast.com/faq.php?article=AVKB229#artTitle
→ https://www.avast.com/faq.php?article=AVKB228#artTitle

I’m afraid those don’t help much. For the first link: Excel files are not binaries that remain unchanged, thus there is no fingerprint to whitelist.

Second link: Excel files are not binaries, executables or installables.

Modern Excel files have the ending .xlsm or .xlsb with no precompiled code.

The most effective solution is to disable the checking for: VBA:Downloader-BUO [Trj].

I already have the heuristics set to low.

Asyn · 2017-10-04T11:12:09.000Z

You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Announcements