Photoshop Droplets False Positives?

I had a pop up saying “Threat Detected” but Avast had not allowed the file to be opened. Just as a precaution I ran a quick scan. The attached screen capture has my results. Are these false positives?

I have not put them in the chest yet in case they are. Any further instruction would be extremely appreciated!

Are these false positives?
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners when you have the result, post link to scan result here for us to see

you may also post a screenshot of the avast warning

alternativ: www.jotti.org or www.metascan-online.com

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to Open the chest and right click on the file and select ‘Extract’ it to a temporary (not original) location first, see below.

Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

####
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn’t hurt.

@@@@

  • In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the * to \file_name.exe where file_name.exe is the file you want to exclude.

Here are the virus total results for all 9:

I’ve also attached a screen cap of the pop up.

https://www.virustotal.com/file/e9cc946789a4b658303aa3746e45efdd282afeb9185a7f6fefa99528fc91ee88/analysis/1356471228/
https://www.virustotal.com/file/517bcc8c621a7b79f27a6440cc671620d0ccdba972b2da7cfa82698fc774ec1a/analysis/1356471290/
https://www.virustotal.com/file/203061a40099472d6cffad1bdd59c4c5f75ebe35a56a232c2e1034461cca30f8/analysis/1356471481/
https://www.virustotal.com/file/353e61c75b74e5220920d1bd9da233dcdd8c1c97b154a7c20bcde93b9095009c/analysis/1356471565/
https://www.virustotal.com/file/e5cdd935b1caee41e0ad25e9a06ccfb1585d77c5c9f9d5c9fa4e12d0bfa74ae9/analysis/1356471742/
https://www.virustotal.com/file/38ab354965228bd80f2868f37b9a95b2e6ed828704561841d377afc8a82e4b2f/analysis/1356471822/
https://www.virustotal.com/file/1ec07ee62d6a447ed849cdfc3b50bf12626afc95f7949fbbdc56030921836dda/analysis/1356472023/
https://www.virustotal.com/file/85a39d02f7e5c2960e3f74f16010a35847147df2268484f0213195133a511c87/analysis/1356472082/
https://www.virustotal.com/file/ac051c83497a93555d21f5aca7d2a905edb4cf7a0809045292fe08513311b5f9/analysis/1356471158/

yepp…sure looks like FP, only avast detect and all files are older then 2years

First seen by VirusTotal
2010-03-09 16:32:08 UTC ( 2 år, 9 måneder ago )

you may report False Positive here http://www.avast.com/contact-form.php?
you may add a link to this topic in case they reply…

Certainly looks like an FP, submit the files to avast for analysis as outlined in my last post.

You would have to either allow avast to send them to the chest or manually add them to the chest (this just makes a copy in the chest, the original stays in location).

If manually adding them open the chest and select add to chest (see image), then submit as per previous instructions. Your choice if you wish to add them to the exclusions so photoshop would have those droplets available.

done!

Thank you both for your help!!

No problem glad I could help.

Welcome to the forums and a Merry Christmas.

I didn’t find this thread before posting a reply to another one, but I’m seeing the same thing.

https://forum.avast.com/index.php?topic=60354.msg879209#msg879209

The computer emits an audible “ding ding ding, Threat has been detected” some time after midnight - I assume due to an Avast! automatic scan. I don’t think I have anything scheduled to run just at that time, but there are bunches of things Windows itself does between 12 and 1 am. I do see that the avast! Emergency Update job is scheduled for 12:43:39 am.

Funny thing, but a manually initiated scan of the listed folder does not turn up a threat. Interesting that the message implies something about another process holding onto the files.

These are not files I run (or have ever run). They’re sample executables provided with Photoshop 6.0, which I don’t use much any more - just for testing.

-Noel