False positive Win32: Evo-gen

Hi,

I am software developer, and this is not the first time I have problems with false positives of Avast.

He is detecting infection by Win32: Evo-gen, and deleting the files automatically or prompting users with virus messages that do not exist.

This avast failure was causing financial losses. Our software has a trial version and the number of installs are decreased since that avast began to erroneously detect this infection.

I have sent an e-mail to virus-at-avast-dot-com with files but no answer.

Please correct this as soon as possible.

Use. Support.avast.com

Yes. I’m having problems with Evo-gen as well, I think many of us are.

It’s annoying when we see a note about “?..?.{dll|exe} (Win32: Evo-gen[Susp]” and we can’t do anything about it because the only allowed options are destructive in some way. We know the thing is not actually a malware, so we have to tell Avast not to look there any more, then report it as a false positive, blah blah blah.

And don’t forget, this usually happens when the family/company computer guru is away or asleep.

What we need is an automated action by Avast: when a “[Susp]” is detected –

[ol]- make no attempt to “fix” the problem, BUT

  • exclude that folder pending a verified positive, AND
  • upload the suspect file direct to wherever, with its full canonical path for evaluation, THEN
  • when the investigation is complete, un-exclude the folder and re-scan.[/ol]

Avast must understand that any short–one to 3 days–delay won’t fatally compromise the machine. It would help if Avast could put up a notification to tell the user what’s happening, and later to tell the user the result…

I don’t like excluding folders from the scan, but the cost of not doing this is a savage mutilation of my working software, including the system files.

Gordon.