Exclusion

Avast Free Antivirus / Premium Security
1

I have 5 false positives and I want these to add to Settings, Exclusions. But with avast 5.0 Free I can only add folders to Exclusions and not files. With avast 4.8 I could add files to my Exclusions. Why? Thanks in advance. Kind regards, Mike098

2

“To exclude files from being scanned by all parts of avast!,
including manual and scheduled scans, and the real-time shields,
it is necessary to specify the files or areas to be excluded in
the general program settings.”

3

After I specified the files with the paths I did a scan and the exclusions are not excluded, because there came a message of detected threat again. I think exclusions don’t work! Kind regards, Mike098.

4

Excluding files before confirming your suspicions is potentially hazardous to your system.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

  • avast5 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.

  • GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP if no other scanners detect these.

Whilst exclusion might help you it doesn’t help other avast users so they should be submitted to avast as possible false positives.

5

These are the 5 false positives:

  1. C:\hp\drivers\audio_HD_realtek\RTLCPL.exe (Embedded_R#252c7c)
    Virustotal: http://www.virustotal.com/nl/analisis/120ad9d77e2d34bce98e4ba118ee8137ec53cf787bbf62164e4c67e8155e0c6f-1264936795
  2. C:\WINDOWS\ALCFDRTM.EXE
    Virustotal: http://www.virustotal.com/nl/analisis/ca0cbceff9053c5f3d5093f0750246bd4e3248c4e9dbacc21f4d46e8938fdbe2-1264834387
  3. C:\WINDOWS\ALCFDRTM.VER
    Virustotal: http://www.virustotal.com/nl/analisis/ca0cbceff9053c5f3d5093f0750246bd4e3248c4e9dbacc21f4d46e8938fdbe2-1264834387
  4. C:\WINDOWS\RTLCPL.EXE
    Virustotal: http://www.virustotal.com/nl/analisis/120ad9d77e2d34bce98e4ba118ee8137ec53cf787bbf62164e4c67e8155e0c6f-1264936795
  5. D:\I386\Drv\APP11259\SFC\RTLCPL.exe
    Virustotal: file is not accessible!
    Thanks in advance. Kind regards, Mike098.
6

I forgot to add to false positive 4, and 5,: (Embedded_R#252c7c)

7

There is some duplication in the scanning at VT identical MD5 hashes for the first 4 detections, send one of each of ALCFDRTM. (2&3 on your list) and RTLCPL.exe (item 1 & 4) to avast as false positives.

Since item 5 on your list is also an RTLCPL.exe file I will assume (dangerous I know) it is the same, hopefully any correction on the RTLCPL.exe detection will also cover this.

  • Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

  • In the meantime, add it to the exclusions lists:
    Standard Shield, Customize, Advanced, Add and
    Program Settings, Exclusions (right click the avast ’ a ’ icon)
    Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
No problem with the additional info as it relates to one unique file, sending the single rtlcpl.exe file should still be enough
8

Dear DavidR,

I have sent the 4 files zipped with password protected to virus@avast.com with password in the e-mail.
Thanks for the fast information. Kind regards, Mike098.

9

No problem, glad I could help.