The detection is from Avast! Behaviour Shield, which monitors for malware-like behaviour.
So necessarily the app did something identical to malware that triggered this. And since IDP didn’t prompt you for action, it means it had a high accuracy for the file being bad.
I will try and get someone from Avast! to take a look.
Yes, it restores and saves a copy in the chest. This may actually not be a fp since it was caught via behaviour. It’s better off not adding it to exclusion since we don’t want to infect the system if it is bad by any chance.
*Since my software update is always named Gep8.exe: By selecting ‘Restore and Add Exclusion,’ will Avast recognize it as a threat again the next time it is updated or will Avast ignore future updates as a threat because Gep8.exe has been excluded from being detected?
I ‘know’ that the file is legit because GEP8=Gravis Easy Phone Version 8.
I access the software through the desktop shortcut icon, not an .exe file. I checked the Gravis Folder but only the Setup file is listed, and Windows Search did not detect Gep8.exe.
I just ran a full virus scan and no threats were detected.
Hi,
If you access the file via shortcut, right click the shortcut, select Properties and look at the “Target” field. That is the path to the file that needs to be sent to us, either directly, or if you upload it to virustotal, we will know which file it is.
You are correct, but for a wrong reason. Avast does not seem to detect it in VT, but this is not because someone added it to exclusions; it is because virustotal does not run the file (and therefore does not scan it with behavioral shield).
I added the file to our cleanset, along with 31 other files signed with the same digital signature.
I also marked the digital signature as clean, which means IDP detection will never be triggered on files signed by this signature in the future.
To be clear then, Gep8.exe is clean but detected as a false positive - Correct?
The ‘31 other files with the same digital signature’ - What do you mean by that and who uploaded them?
Was I correct to ‘Restore and Add It As An Exclusion’ earlier? I was aware that it was a false positive because Avast recognizes it as a threat every time the software is updated.
Correct. The file is clean, and was mistakenly detected due to suspicious activity.
When I queried our database of files for the signature, I found 32 files total - one of them was the file you uploaded, the rest we got mostly from other people.
This is new to me so I would appreciate the following clarifications:
‘The file was mistakenly detected due to suspicious activity’ - Do you mean that Avast mistakenly detected it as suspicious?
What would cause the file to be mistakenly detected due to suspicious activity when it is a legitimate program?
Were the 31 other files the same file that I uploaded or did 31 others upload potentially suspicious files at the same time as I did?
Was I correct to ‘Restore and Add It As An Exclusion’ earlier? I was aware that it was a false positive because Avast recognizes it as a threat every time the software is updated.
Some (even legitimate) programs exhibit suspicious behaviour. And we at Avast are better safe than sorry: if it is “too suspicious”, we would rather block it than let our users be infected. Furthermore, how do you define “legitimate program”? How do we know it is “legitimate” if we have no info about it?
There were 31 other files signed with the same digital signature. Not necessarily with the same filename, not necessarily submitted at the same time. Some might have arrived a year ago, for example.
Again, yes, but for a wrong reason. There are many malicious files (viruses, even) that update themselves. Just the fact that something “updates itself” doesn’t mean it is clean!