I have avast 7.0 free, Vista home premium sp2 and Filezilla 0.934.
I am noticing that the server interface can not connect and reties every 5"/ Going to services, i see that Filezilla server is STOPPED. when clicking Start avast complains and stops the service immediately.
I uninstalled filezilla and downloaded 0.9.41. When clicking to install the downloaded program avast complains with the attached message.
Failed to attach the screen capture of avast complaint(?!) so here is the text
"avast has finished analysis of the program.
! we did not find enough evidence to identify the file as malware.
However you should still use extreme caution when accessing it
File: …\filezilla_server-0.9.41.exe
Reason: The file prevalence/reputation is low
Duration 0:00:00
The program has now terminated.
For next execution do one of the following
Open in sandbox or open normally
Never before did avast complain about Filexzilla!
Am waiting for your inputs before continuing the installation
Reading that, I find myself questioning two things:
What does “did not find enough evidence” mean? Does it mean 1) the evidence found is below some threshold and was ZERO, or 2) the evidence found is below some threshold but was ABOVE ZERO? I think it would be good to qualify things so people know which was the case.
Why are prevalence and reputation being lumped together? From an English point of view at least (which is how most people will interpret the wording), prevalence would be how widespread or common the file is. Technically speaking, that tells you nothing about whether or not a file presents some kind of threat. Prevalence could be a simple scale from 0 to whatever. From an English point of view at least, reputation requires that a view be held. IOW, if you have been exposed to something and formed an opinion, then that something has a reputation in your eyes (positive, neutral, or negative). If you have not been exposed to something (enough) you cannot have an opinion and its reputation in your eyes is not low it is undefined or TBD. The fine point being, reputation can’t be a simple scale of for example -10 to +10 because there is also the “reputation not yet determined” case. I know this is confusing, but lets try some examples:
File1: Prevalence = 0, therefore Reputation = NotYetDetermined. We have no idea if the file is a threat, but caution would be in order.
File2: Prevalence = Low, but there is zero evidence of any threat (it could even be a Hello World app!) and it might even be from a whitehat organization so Reputation = Good amongst the smallish number of users. One can lower there guard somewhat on this file I would say.
File3: Prevalence = SomewhatCommon, but this is a common form of malware so Reputation = Bad. Even though its prevalence is higher, it is a threat and therefore is the worst file we’ve talked about so far.
I hope you understand the point I’m trying to make. Which is, I think it would be helpful if the words and definitions and standards were elaborated upon and the warning message text fine tuned so that people would know exactly what is being communicated. I think it would be a mistake to equate “low prevalence” with “low reputation”.