Why the Webshield is a "dumb" solution and what should be changed

Looking almost daily at the Hub mails I get from over 3.300 clients distributed across more than 80 customers, and often seeing blockings from the Webshield, I think about this:

This solution is a nice addition to the content filter of the security gateway that our customers use but:

  1. From time to time there are definitely false positive detections with big impact. In the worst cases this will lead to much work for us and aggravation with the customers.
  2. Why isn’t there a solution where MSPs like us can push a button that says: “Avast this is probably a false positive, please check!”?
  3. Avast Hub seems not to be so smart that it gathers all the customers' information to analyse how often customers have those detections, when, and if the (right now not existing) “false positive button” was pushed not just by one client but also by different customers and so on…

Let’s put it in other words: The Hub has the potential to get more out of the data it collects but right now it is just not used… maybe because of the work that Avast would need to accomplish in the first place?

Instead of this, MSPs like us have to do one of those things:

  1. Make a request at https://www.avast.com/false-positive-file-form.php
  2. Work with exclusions, which is not always possible. For instance, if some customers don’t use global policies

:-\

Update:

As of March 11th we got several customer detections for: http://ocsp.pca.dfn.de/OCSP-Server/OCSP.

VirusTotal says: only one vendor flagged this as malicious.

Yeah… request to Avast was already sent…