Today my audio driver “SoundMAX ADI1988 Audio Driver V5.10.1.6110” was deleted as false Malware. Even downloading new official audio driver from (http://www.asus.com/product.aspx?P_ID=NFlvt10av3F7ayQ9) in compressed .rar is detecting same .exe as Malware.
Original file name: SMax4.exe
Original folder: C:\Program Files\Analog Devices\SoundMAX
Size of file: 729088
Category: Infected files
Virus description: Win32:Malware-gen
OS: Windows XP 32bit
avast! Free Antivirus \ Program version: 5.1.899 \ Virus definition version: 110204-0
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the [b]C:[/b] drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
[b]File System Shield, Expert Settings, Exclusions, Add[/b] and
[b]avast Settings, Exclusions[/b]
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.
Thanks for the update, FPs once acknowledged are usually corrected quickly. But if you can’t do without the sound then you can do as suggested and restore it if you accept the limited risk it isn’t an FP.