Stop Avast from automatically deleting?

Avast Free Antivirus / Premium Security
1

Every time I run a program to reduce lag in this game (Warcraft 3), Avast automatically deletes the whole file.

I did some googling and went in and changed "File System Shield → Actions → to “ASK” for all 3 threat categories (Virus/PUP/Suspicious), yet every time I run the thing it still instantly zaps it every time. I’ve used the file in question a long time and am comfortable about running it, so is there any other way to stop this other than effectively turning my Avast protection off?

2

Try going to Settings/ Active Protection/ File System Shield Settings/ Exclusions and add your program.
I have several in there myself, that Avast kept deleting.

3

@ paladin8400spam,

Name of your file? How long have you had this issue?

Look in virus chest for your file. If you find it there, you can right-click the file and submit a false-positive report directly from there to avast!

You can also upload your file to Virus Total dot com and copy/paste scanning results (final web address) here in your next reply.

4

This appears to have worked, or at least, it’s not instantly deleting it! I’ll see if it continues working without being targeted by avast. I totally missed this setting when looking for solutions, sorry. Thanks man.

Hi, it’s actually an application called “Latency Hack” (Latency_Hack_1.26.rar) for Warcraft 3. What it does is reduce the built-in lag in the game by modifying the way you connect or something and the value of the latency/delay (in milliseconds). I know it sounds seedy, and I already put it into virustotal and it got like 19/54. I thought since it’s editing something to stop you from lagging so much, it might turn up as a false positive, and I’ve had no problems with it and many others in the WC3 community use it. Any opinions on this type of file? I could link it (here or to you) but I refrained from it if it’s at all iffy. Let me know, but I’m curious if other similar 3rd party programs often turn up false positives.

Here’s the virustotal page, if this works: https://www.virustotal.com/en/file/2dcccaca77d22f90c965fc0a52a81dde97b8e2d3409e2a5a478ffa238ad665da/analysis/

19 say it has something while 35 say no problem at all? And I’ve had no problem so I don’t know.

5

Could a game-tweaking executable from the Internet have malware in it? No way! :stuck_out_tongue:

Seriously, I don’t know this program at all, but if 19 of 54 virus scanning services flag it, I’d be suspicious. Now, it could be that they all sense its behavior - maybe it pokes data in places you’re normally expected to keep away from, and therefore it may be flagged as malicious - where in fact in this particular case you really WANT that to happen. But that’s a bit of a stretch.

Your anti-malware software is on task because you want to trust other, well-funded research organizations to determine for you whether the software you’re trying to run is malicious. False positives are a possible reality, but usually they’re relatively unknown things that Avast and company haven’t seen before. With something that’s commonly downloaded, and the AV companies still flagging it, I’d worry. I doubt you’re the first person to submit the detection to them, assuming it’s not brand spanking new.

Regarding “many others in the WC3 community” running it… You, by virtue of the fact that you’re here, may be the best educated about security of the lot of them.

Erring on the side of prudence would be my suggestion (unless you LIKE reinstalling Windows and all your apps). Submit it as a potential false positive and do without it for a few days, then see whether it’s allowed. If it’s still blocked after Avast looks it over, it probably really is malware. And who knows, you may find that the game runs just as well without it.

-Noel

6

There is no reason to use something like that.

http://www.speedguide.net/articles/windows-2kxp---more-tweaks-158
Gaming Tweak - Disable Nagle’s algorithm

7

Not sure how you got a week old detection result from VT when your last post was here yesterday at 8:42 AM forum time.

See attached below:

In any case, prudence is usually the best course, and finding alternatives that work, as Eddy suggests, is your best course of action. If a low-prevalence file is detected by 1 or 2 a/v engines, then that may be a false positive detection. Not so sure with 19 out of 54 a/v engines.

Malicious behavior in a file is defined as:
http://en.wikipedia.org/wiki/Malware
False positive detection and consequences:
http://en.wikipedia.org/wiki/Antivirus_software

In order to determine whether this file is malicious or a false positive, one must look at what type of classification your file is catagorised as. Here, 12 a/v’s have it as a Trojan, or at least one that is heuristically detected. You can quickly use the first link to see what wiki says a Trojan is.

Apparently some of the Trojan detections above may involve some sort of spyware capabilities. This may have come about by some sort of legal agreement you, the user, agreed to in the TOS (Terms Of Service) fine print, as when you installed it, that would allow them to install that (spyware) part of the program legally. Otherwise, this file should not be classified as a Trojan. I’d look again at their TOS to see if such a clause is in there.

Artemis is one of the detections noted: https://community.mcafee.com/thread/2016

To sum up: Your file falls into a gray area, but displays possibly unwanted or undesired behavior when an analysed by some of the 54 a/v programs. This evaluation is done by each according to their criteria and rules they each have established for what a normal safe file is, and what is not.

You can research a little more on the web, information about your file here: https://www.google.com/#q=Latency+Hack+v1.26.rar&spell=1

Keep in mind that what is free on the Internet is not always free, tho. There can be a hidden cost and it is not always readily evident. IMO, gray area files or programs are always included in this category.

8

The thing is the game server itself builds in 250ms of delay automatically (plus whatever latency is on your connection’s end), as this game was from 2003 in a time where 56k modems were still the norm, to prevent rampant disconnections. So it’s not necessarily something to fix with my connection but an inevitable thing. Otherwise the #1 solution would just be get a faster internet connection. I appreciate all the perspectives though and it seems to be working without a hitch thanks to this thread.

@mchain, I believe someone else must have checked it a week prior and it must’ve just given me the old results. Sometimes it says the file was already checked and just regurgitates the scans.

I’ll continue using discretion (and avast!) Greatly helpful community here.

9

Noone seems to react on this:
"Went in and changed “File System Shield → Actions → to “ASK” for all 3 threat categories (Virus/PUP/Suspicious), yet every time I run the thing it still instantly zaps it every time.”
This was written in the first post.
Is this yet another bug?

10

Scrooge, no it is not a bug.
It only means that paladin didn’t setup things correctly.

Also, that application is claiming to do something that is not possible.

1]
Can it change settings on a users system?
Yes, but only if the user has not setup his security properly.

2]
Will it speed up things?
No, not at all (at least not noticeable to a user)

3]
Latency depends on several things,
not only the users system but also on all servers the packages go through as well as the end server.