How can I “downgrade” or use a previous virus definition update?
We are having a problem with avast and a false positive on a Huawei phone, but out avast has a different VPS and we can’t reproduce the error.
Looks like Huawei updates it’s custom avast based AV differently, and it is still using a previous VPS. I want to analyze our APK on desktop with the same VPS and see what is the virus so we can find out the cause, even tough it is a false positive. Maybe we can just update a library, or try not to use a non-core one.
Getting our app flagged as virus is a very serious problem, we cannot just say “hey, wait for the next virus definition update” to the users…
So, how can I do that?
I’ve found the Virus Update History: https://www.avast.com/virus-update-history
Looks like 25.06.2017 might be the culprit, I want to download that one and install it in my PC/phone. Can I do that?
BTW: the captcha to post here is ridiculously hard…
The captcha is there only the first three post and it helps to keep spammers away from this webboard.
To answer your question, you can’t go back to a old(er) VPS.
Besides that you can’t it would be really silly to do so as you will not be protected against the latest threads.
If you believe your application is falsly detected, report it to avast and they will have a look at it.
If needed, they will fix.change the detection. https://www.avast.com/false-positive-file-form.php
Avast already fixed it. But Huawei uses some kind of custom avast embedded into its own security app, and that one is still detecting our app as virus.
So we want to fix it on our own. Maybe we can just update crashlytics, or okhttp, or whatever component is triggering the false detection.
Looks like we are not alone, there are many more apps affected (The Guardian, Walmart, HBO Showtime…).
But looks like we can’t do anything, we will have to recommend users to uninstall your AV.
But looks like we can't do anything, we will have to recommend users to uninstall your AV.
You are very wrong there.
You should recommend your users not to use the software provided by Huawei as they are very obvious are not providing the users with the latest update(s) in a timely matter.
As avast already solved the FP, it is up to the users to update their VPS.
There really is nothing you, me or avast can do except telling the user to do so.
As avast already solved the FP it is really up to Huawei to roll out a update.
As the software provided by Huawei is only a stripped down version of avast, I would say tell the users to delete it and that they should use the full version provided by avast.
So we want to fix it on our own.
Forget it. You can't change the VPS and even if you could you would be breaking the law.
- Decrypt the the VPS (= illegal)
- Changing the file (= illegal)
- Offering people the changed file(s) (= illegal)
etc.
Looks like we are not alone, there are many more apps affected
Not really.
There where some apps that where falsely detected but as you said yourself, avast has already solved it.
Huawei says the definitions are updated as of today, but a lot of apps are still flagged as virus. In fact almost every app we install is flagged as virus…
We can’t uninstall this AV, because it comes preinstalled with the system. Maybe there is a way to deactivate it, don’t know.
Our only chance was to find out the “offending” bytes and try to remove them from the app if possible. But we cannot do that. We cannot tell Avast to use the bugged VPS to test things faster on a local PC, simulating what Huawei does on user’s phones and maybe get some information on where the problem might be.
What you can do is post sha256 hashes (or virustotal links) to your apps that you think are falsely detected by Avast.
If Avast does not detect it any more, and Huawei does (and it is indeed a false positive), then they must be slow in updating their database, not us, and it is a question to Huawei.