False positive VBS:Malware-gen detection in VPS 20170221-1 (22.2.2017)
What happened?
The VPS 20170221-1 contained an invalid script detection that resulted in a significant false positive across the Avast userbase.
How did this happen?
The Threat Labs team deployed a change in detection verification logic which moved the verification to an earlier stage of the detection release process. Multiple factors including deployment of new backend version caused this detection to bypass safety checks that are normally in place resulting in its release.
What are we doing to fix this?
We are implementing additional checks in the detection generation, detection validation and detection testing processes to prevent such errors in the future. On the mitigation side, Avast has the capability to stream updates to select detection containers. However this particular detection type is not included in the streaming updates at this time. We will enable streaming also for this detection type so we can remove these detections much faster in the future.
Conclusion
We apologise for the released detection and are working hard to prevent such occurrences in the future.
:o Ruh-roh, what’s going on with the new def database? Anything the rest of us should be concerned with, especially as compared to why this thread even exists? :-\
Everyting is ok now, but i still don’t understand how is possible you release that bad definitions. Is that same as you release last version of Avast with too many bugs. It seems no one tested this before release. And this is very dangerous. I don’t want imagine how big trouble people has with this. You maybe lose some customers, everything is possible because this is not first time. I am using avast from version 4 and last years its worse and worse.
I am trying to recover the 500 files that I accidently deleted while doing the virus scan. So I have found this Data Recovery Tool, which has come up with a loong list of deleted files from general usage in the past days/weeks/months? Idk. There is no way to check the date the files were deleted or anything…
Does Avast keep a log of virus scan / deleted files maybe? Then I could maybe cross check file names with that log file
If you’re referring to my quoting you and asking my question, I wasn’t trying to be sarcastic… you said you had an issue/problem with the new virus definitions database [QUOTE: Noixz: “My Issue is with the new VPS (170222-00)”], I was seriously trying to ask (as stated) if it’s an issue the rest of us need to be concerned with, especially considering the whole reason this thread exists… as in false-positives causing several files to be deleted that didn’t need to be.
Just because I said “ruh-roh” or tried to be a bit more subtle/soft about it, doesn’t mean I’m not asking a legit question. Perhaps you need to get off your high-horse and realize that not everybody is going to phrase or word everything to your specific standards or likings. :
Guessing this means that the “problem” that you have with the new database was obviously troll-bait, and it’s best to just add you to my ignore list. Good day. 8)
EDIT: This is exactly what I said - " :o Ruh-roh, what’s going on with the new def database? Anything the rest of us should be concerned with, especially as compared to why this thread even exists? :-\ "
PS - Next time when you say that you have a problem with a product or its definition-database, you might want to specify WHAT THAT PROBLEM ACTUALLY IS… rather than choosing to get triggered by, and snapping at, those that actually give a crap to ask what that problem might be. (In a thread such as this, saying you have a problem with the new database, may as well equate to shouting “fire” in a movie-theater when there’s no actual fire.)
PPS - Thank you for giving a shining example as to what it means to not be helpful, nor constructive, to a thread. ;D
Yeah, I’m a victim of Avast, too. I did a full scan last night after installing the newest version of Avast, and it deleted some stuff. And since I was scanning my backup drive “just to be safe” I’ve lost some things that I can’t get back. >:( I just renewed yesterday, too. I doubt I can get a refund, so I guess I’m out the $35 because I’m going to switch anti-virus software.
I dont see those names in my program. I am using a Mac running Avast Security 2016, maybe that changes how things show?
Plus if you refer to the Reports → Virus Scan Reports, then its empty. It only shows 3 scans that I interrupted myself after doing the 500 file scan. Maybe there is a max on 3 reports logging?
I wish this came up on Google when I looked it up last night. 66 false (probably) positives.
I put them the chest, but didn’t delete them, as I had thought it sounded fishy.
Is my computer wrecked now? I’m hoping not. My computer didn’t crash or anything, but I’m still worried. ._.
Why you deleted those files? Avast by self don’t delete anything. And if yes by system file shield, it will be in your virus chest = easy restore. You are only victim by self.
