False Positive : Win32:Bundlore-B [PUP]

Dear all,

Avast is unduly triggering “Win32:Bundlore-B [PUP]” in KC Softwares “Lite” installers, which do NOT include any PUP.

This is a flaw in AVAST detection engine.
Would you please fix in next database ?

Sample : http://www.kcsoftwares.com/files/sumo_lite.exe

Thanks !

if you think it is wrong, report it here https://support.avast.com/

https://www.virustotal.com/nb/file/873f5fa799f3fc3cdf2f6564dfc434f34390a1039db113a19073e56207b7e147/analysis/1420233369/

Thank you.
I did try to contact the support using this form, but found no “FP” section.
I tried a “general” question… can you help ?

> I tried a "general" question.... can you help ?

I don't work for Avast.

When you click that link > at bottom Avast virus lab > next pic has 3 options: False positive / Undetected malware / Others

Done, thanks !

According to your experience + VT results, do you agree that my files are unduly flagged in current AVAST database ?

Must be an INNO, appended packer false positive detection.
Not for nothing the detection is given as non-conclusive by herdProtect:
http://www.herdprotect.com/sumo_lite.exe-ebee735dc442ec0d1b94d5cf51d1bed37d65a289.aspx
Whenever there is no adware download bundled it should not be a PUP detection, but a false positive.
This Adware PUP detection may install toolbars or will display pop-up advertisements on the computer.

Win32/Adware.Bundlore is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation. The browser extension includes various features that will modify the default or custom settings of the browser including the home page, search settings and in some cases will modify Internet Explorer’s load time threshold, place a lock file within Firefox to prevent competing software from changing its settings as well as disable the browser’s Content Security Policy in order to allow for cross site scripting of the plugin. Besides showing harmless ads, Win32/Adware.Bundlore may also collect user specific information with or without the user’s consent. This infection sends the collected user information to a central server for the purpose of delivering targeted advertising.
Quote from malwaretips. Additional scan results: https://www.metascan-online.com/en/scanresult/file/deb7cc6b186147dcb40dfc9333443732

polonus

OK, so what can I do to get a “green light” from AVAST ?

Write to them here at virus@avast.com and add a link to the apparent FP and link to this support forum thread.
Whenever there is a FP they are known to correct this, sometimes as quickly as with an upcoming update.
If you are sure that no third party is bundling the software with additional adware monetizer crap, you have a solid case.

polonus

> According to your experience + VT results, do you agree that my files are unduly flagged in current AVAST database ?

I don't use the program so have no idea if it comes bundled with PUP or has behavior that classes it as PUP.

> OK, so what can I do to get a "green light" from AVAST ?

Report it .... and wait for the result ;)

The installer has NO 3rd party product included.
I did the install script, I’m 100% confident :)

Thanks !
How long is the average analysis by tech staff ? Any possibility to reach them on the forum ?

Whenever an avast team member finds a reason to react they would do so.
Just to justify a correct detection or to confirm a FP update.
So that is completely up to them.
We here are just volunteers with relevant knowledge.
FP repair is their exclusive duty.

Have a nice day,

polonus

Thanks !!

SUMo has two downloads, one includes some links to other programs, the lite version is absolutely clean.
The issue for Avast might be their reliance on hashes, since SUMo is very often updated.
However, SUMo does NOT execute any programs, it just scans programs’ properties for version# so there’s no way one can separate in Avast just a plain read of a file.

One of few flaws of Avast is that it just can’t deal with changing programs. Whether bought, free, or written at home.

Hello,
The installer contains Relevant knowledge, but (if it’s the same sample which I saw in our support system) it looks like it’s not downloaded and installed automatically. So the detection will be fixed in the next stream update (10 minutes).

Milos

Thank you !
Would you please confirm once it’s fixed online ? Does this mean that it will be effective in VirusTotal too ?

Response from Norman/BlueCoat:

Hi, This is not PUA. Thanks

I assume this is a good news ? :)

It is ;)

Great ! Thank you !!