I am software developer, and this is not the first time I have problems with false positives of Avast.
He is detecting infection by Win32: Evo-gen, and deleting the files automatically or prompting users with virus messages that do not exist.
This avast failure was causing financial losses. Our software has a trial version and the number of installs are decreased since that avast began to erroneously detect this infection.
I have sent an e-mail to virus-at-avast-dot-com with files but no answer.
Yes. I’m having problems with Evo-gen as well, I think many of us are.
It’s annoying when we see a note about “?..?.{dll|exe} (Win32: Evo-gen[Susp]” and we can’t do anything about it because the only allowed options are destructive in some way. We know the thing is not actually a malware, so we have to tell Avast not to look there any more, then report it as a false positive, blah blah blah.
And don’t forget, this usually happens when the family/company computer guru is away or asleep.
What we need is an automated action by Avast: when a “[Susp]” is detected –
[ol]- make no attempt to “fix” the problem, BUT
exclude that folder pending a verified positive, AND
upload the suspect file direct to wherever, with its full canonical path for evaluation, THEN
when the investigation is complete, un-exclude the folder and re-scan.[/ol]
Avast must understand that any short–one to 3 days–delay won’t fatally compromise the machine. It would help if Avast could put up a notification to tell the user what’s happening, and later to tell the user the result…
I don’t like excluding folders from the scan, but the cost of not doing this is a savage mutilation of my working software, including the system files.