In the last month or two I have had a problem with false-positive files. Many files. Most of them are installers for different programs, and it seems that all of the installers are created with Inno Setup and NSIS.
OK, I can exclude those files from scanning, but why does that happen? What is the problem with these installers?
Please pack the misdetected files into a password-protected ZIP or RAR and send them (together with the password) to virus@avast.com for analysis.
Or, if they are big, it's possible to upload them to ftp://ftp.avast.com/incoming - but in that case please post a notice here, because the FTP is not monitored.
Exclusion just masks the problem; correcting the problem is the best solution.
It may simply be what a file is doing that is considered suspect, but since you don't give any information (file name, location and malware name) it is impossible to say (or correct).
If you get what you believe to be a false positive, you need to confirm or deny the detection one way or another, and if it is confirmed as an FP then the sample should be sent to avast so that they can analyse the file and correct the VPS so it isn't detected.
Actions:
You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here. You can't do this with the file securely in the chest; you need to extract it to a temporary (not the original) location first, see below.
Create a folder called Suspect on the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield: Customize, Advanced, Add, then type (or copy and paste) C:\Suspect* That will stop the Standard Shield scanning any file you put in that folder. You should now be able to export any file from the chest to this folder and upload it to VirusTotal without avast alerting.
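Before uploading a sample from the Suspect folder, it helps to record its SHA-256 (VirusTotal can be searched by hash, so a file someone else already submitted needs no re-upload) and to note which installer framework built it, since the poster reports that the misdetected files are Inno Setup and NSIS installers. The script below is an added example and is not code from the forum participants or from avast. The NSIS "first header" magic (0xDEADBEEF followed by `NullsoftInst`) and the `Inno Setup Setup Data (x.y.z)` version string are taken from public descriptions of those formats; the VirusTotal URL form, the `triage_folder` helper and the inline sample byte strings are my own assumptions and constructed data. A framework match says nothing about whether a file is malicious: both frameworks are used by legitimate software and by malware alike, which is exactly why the detection itself has to be confirmed or denied separately.

```python
"""Triage helper for files exported to the excluded Suspect folder.

Added example, not part of the original thread. It computes the SHA-256 of
each file, builds the VirusTotal lookup URL for that hash, and reports which
installer framework (NSIS or Inno Setup) produced the file, based on byte
signatures published for those formats. Nothing here decides whether a file
is malicious; it only gathers what a report to the forum or to avast needs.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Signatures assumed from public format descriptions (not from the page):
# NSIS installers carry a first header starting with 0xDEADBEEF + "NullsoftInst";
# Inno Setup installers embed a version string "Inno Setup Setup Data (x.y.z)".
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
INNO_VERSION_RE = re.compile(rb"Inno Setup Setup Data \((\d+(?:\.\d+)*)\)")

# Hypothetical VirusTotal file-report URL prefix (hash-based lookup).
VT_FILE_URL = "https://www.virustotal.com/gui/file/"


def identify_installer(data: bytes) -> Optional[str]:
    """Return 'NSIS', 'Inno Setup <version>', or None if neither signature is present."""
    if NSIS_MAGIC in data:
        return "NSIS"
    match = INNO_VERSION_RE.search(data)
    if match:
        return "Inno Setup " + match.group(1).decode("ascii")
    return None


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents (the identifier VirusTotal is searched by)."""
    return hashlib.sha256(data).hexdigest()


def triage(data: bytes) -> Dict[str, Optional[str]]:
    """Collect hash, framework guess and lookup URL for one sample."""
    digest = sha256_hex(data)
    return {
        "sha256": digest,
        "framework": identify_installer(data),
        "virustotal": VT_FILE_URL + digest,
    }


def triage_folder(folder: Path) -> Dict[str, Dict[str, Optional[str]]]:
    """Triage every regular file in the Suspect folder, keyed by file name."""
    return {p.name: triage(p.read_bytes()) for p in sorted(folder.iterdir()) if p.is_file()}


# Constructed sample contents (not real installers): a PE-like "MZ" prefix,
# padding, and the framework signature somewhere in the body.
SAMPLE_NSIS = b"MZ" + b"\x00" * 64 + NSIS_MAGIC + b"\x00" * 32
SAMPLE_INNO = b"MZ" + b"\x00" * 64 + b"Inno Setup Setup Data (5.5.9) (u)" + b"\x00" * 32
SAMPLE_PLAIN = b"MZ" + b"\x00" * 96


if __name__ == "__main__":
    # Stand-in for C:\Suspect so the example runs offline on any platform.
    with tempfile.TemporaryDirectory() as tmp:
        suspect = Path(tmp)
        (suspect / "setup_a.exe").write_bytes(SAMPLE_NSIS)
        (suspect / "setup_b.exe").write_bytes(SAMPLE_INNO)
        (suspect / "other.exe").write_bytes(SAMPLE_PLAIN)
        for name, info in triage_folder(suspect).items():
            print(f"{name}: framework={info['framework']} sha256={info['sha256']}")
            print(f"  lookup: {info['virustotal']}")
```

The printed hash and URL are what to paste into a forum report alongside the detection name; the framework column is only context for the avast analyst, not evidence either way.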
OK, when I get a better Internet connection, I will upload all the files. That will be in the next few days. I will also upload some files of unknown status for now, but for one of them I'm sure that it is a backdoor because it starts Firefox in the background. Avast doesn't recognize any of those files as potentially dangerous.
That's exactly why using FTP is not a good idea... somebody uploads a group of files and nobody knows what they are. Putting suspected false positives and false negatives into one archive doesn't really help either.
So, can you please tell us which of them you consider false positives at least?