I don’t know how to determine if something is a false positive. For the last month, whenever I try to let PortableApps upgrade to the current version of IrfanView Portable (an image viewer I have used for years), Avast quarantines it, saying the file (IrfanViewPortable_4.70.paf.exe) is infected with “Win32:Malware-gen”. The PortableApps folks check everything for malware before they transform it into a portable version, so this is likely a false positive, but how can I be sure? The PortableApps support page suggested three online virus scanners as a way to get a “second opinion”, but did mention that each of them uses lots of antivirus engines and will generally show false positives in a few of them. But how many is “a few”? For the file I’m concerned about, VirusTotal got positives in 8 of 68 engines, MetaDefender in 2 of 32, and Jotti in 3 of 13. I googled to see if others are talking about this but found nothing relevant.
First, I’m an Avast user and not an Avast Team member.
You can also upload the file here for analysis by multiple AVs and see what they feel.
- https://www.virustotal.com/
Obviously you would have to set an exclusion for that file to allow you to upload it to Virus Total.
You can report a possible False Positive for File here.
- Choose Your Sample Submission Type | Avast
- You won’t get a direct response, but it should be analysed within 48 hours; if found to be false, it will be removed.
I already did that (and even mentioned it already) - of the 68 virus engines that VirusTotal checks it against, the file in question was flagged by 8 of them. Of course Avast and AVG were two of those, but the others were Bkav Pro, DeepInstinct, Fortinet, Google, Ikarus, and Skyhigh (SWG).
I hesitated to report it as false positive in the Avast app because I thought I would be saying I know for sure, but you say it will be “analysed”, which is encouraging - I don’t want them to just mark it as false positive but to take a closer look at it. I’ll go ahead and try reporting it and see what happens.
Interestingly, I still have an old copy of IrfanView 4.70 (latest 4.72), but not the portable version, and that isn’t an issue with the current version of Avast.
Today 4.72 became available in PortableApps form (there’s always a bit of delay), but it is still flagged by Avast, albeit with a different supposed infection: “FileRepMalware [Misc]”. I guess I could report this one also to Avast as a suspected false positive.
Do you have a screenshot of the Avast pop-up, with the Details part, that you can post here? By the description, it sounds like a reputation alert, so yes, I would send a False Positive report to Avast and see what happens. You will not receive a reply from Avast, so give it 48hrs then test again.
Note I am not an Avast Team Member, just another user.
Here are the screenshots, which I had already grabbed previously but couldn’t figure out how to include in a post on this forum. (I was looking for an image icon - I didn’t realize until now that the Upload icon was the key.)
OK. So it is Avast File Shield that is detecting this ...Updater.exe file as malware.
As DavidR has already said in his post.
Test that file is clean here: VirusTotal
If clean, report as False Positive to Avast: Choose Your Sample Submission Type | Avast
Give Avast 48hrs to consider (they will not reply to you), then try it again.
He already reported he did that.