False positive - Steam update of Company of Heroes 2...?

Hi,

get a probable false positive as my Steam account updated Company of Heroes just now. The file RelicCoH2.exe is said to be a Win32:Evo-gen. Avast quarantines it and Steam tries again…

File is located in …\Steam\steamapps\downloading\231430 on my computer and seems legit.

Have submitted it from virus chest to Avast.

Please fix.

Avast are usually quick to correct a false positive when it is confirmed. Periodically scan the file copy in the chest; when it is no longer detected (an indication that the FP has been confirmed and corrected), you can restore it to the original location.

You could try uploading the RelicCoH2.exe file to http://virustotal.com/ for scanning by multiple AVs (40+) and see what detects it - if only avast then it is most likely to be an FP.

If you accept the risk of it not being an FP you can restore it from the virus chest and add to exclusions at the same time.

Uploaded file to VirusTotal… and none of the 53 antivirus programs, including Avast of current date and version, found any threats in the file… (fully updated and streamed updates here). Despite this my Avast still blocks it…

???

Some of the avast functionality isn’t present in the VirusTotal ‘on-demand’ scan - the DeepScreen, Hardened Mode and checking against the avast cloud for file-reputation (little known or used files), etc. So it isn’t unusual to see avast detecting on a live system (on-access) and not in the on-demand scan.

As I mentioned you can Restore and add to exceptions, if you accept the risk it may not be an FP, or wait until the likely FP is corrected.

Currently making Complete Restore Disc backup of my computer… will try restoring file after that…

Better safe than sorry

:wink:

Well… restored file… Game installs… and Avast pops up again… now with… the filename.tmp… restoring it also.

Game started… no extra nice “unwanted processes etc started… no strange disc or network accesses”

So it looks to be a false positive.

I keep the disc backup for a while I think, just in case.

On to the game…

To confirm a possible FP: http://www.herdprotect.com/reliccoh2.exe-84b5572698fa34cd0af0d3526893145104a86391.aspx

polonus

That file is an older version… the new one is larger … 37 203 968 bytes. So it is not the same… unfortunately.

So we have to wait for Avast to decide…

I’ve also run across this problem and people all over the Steam and Company of Heroes 2 forums are posting about this. A lot of people recommend getting rid of avast and replacing it because this is an issue that avast has with many programs.

Yes, that is why they write: More specifically, it is a Win32 EXE file for the Windows GUI subsystem. More than likely the file is harmless!
An FP on File PE Metadata. File is signed and stamped. Accurate detection asks for a good and solid framework.
Thanks for reporting the issue here. Report this issue to virus AT avast dot com.

polonus