False positives

I have recently switched from Avast to AVG due to performance reasons and the behavior shield that AVG uses seems to detect more false positives than Avast ever did. In the last few weeks, a legitimate process in Windows (can’t remember which one it was) and TeamViewer’s sponsor window “7.hta” have both been blocked, an occurrence that had never happened while I was using Avast. :-\

EDIT: The Windows process in question was “mshta.exe”.

Hello,
post a screenshot of the window with detection, please.

Milos

This is for the TeamViewer app. I couldn’t reproduce the Windows process one because it happened on a laptop I was servicing; you’ll just have to trust me on that one.

Here’s another false positive detected by the behavior shield. This is a legitimate AutoCAD installation file downloaded from their website.

VirusTotal analysis: https://www.virustotal.com/#/file/b9c299c25f8d4658ff433062c770400b20fc9bcf6c8c6abc1d587d5d90fc3c07/detection

In response to your last post (and picture) - if I’m thinking of the right thing, IDP detections have a guideline to follow for detection that is almost universal. Though I can’t find the information on it.

Milos (or someone qualified from Avast!) will swing by again and check things out.

https://i.imgur.com/DWaaKoJ.jpg

Here is a screenshot of the issue. It’s happening to me as well now after I updated TeamViewer.

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Even after reporting the file, and getting a response from Avast that it has been whitelisted, the 7.hta file is still getting flagged.

Strange, wait for Milos…

Hello!

Any news regarding this problem?

Hi,

the problem of the 7.hta is that it’s generated after each start of TeamViewer Free. You should add the exception for the full path for Behavioral Shield.

Regards,
PDI

Yes, I was contacted by Avast recently. They said they’d have to look into it with TeamViewer’s representatives as the software itself is generating “very suspicious files with adverts with no digital signature”.