Has anyone recently had avast! flag a Windows Installer file named c415ae.msp as infected with Win32:Bifrose-EGW[Trj]?
I zipped and password-protected the file and sent it to support a few hours ago, but have not heard back.
As an aside, I also noticed that when I tried to email the file to avast from the Chest (by clicking the email icon on the toolbar), nothing happened… that is, the Submit file dialog did not appear. It does appear for other files in the Chest. Any ideas?
I eventually added the file to the exclusions lists, in order to email it and also upload it to VirusTotal. VT, by the way, only had avast! and one other vendor flagging this file.
Look here for some answers: http://forum.avast.com/index.php?topic=47063.0
Most likely a False Positive, but we are waiting for the final word from the man, and an upcoming correction with a scanner update.
It can’t be virus-like behaviour inside the chest, a protected area; even if it was possible, it doesn’t make sense that it would affect one file type and not another.
The other problem is that there have been others who have been able to submit the file.
If you really want to check it out, I could email you a zipped copy of the fp file I had, and if it’s possible to roll back detections to yesterday, you might be able to see the behavior for yourself??
I found a .msp file and added it to the chest and that failed to bring up the form. However, I thought it might be because of its size getting in the way.
So I went to the Program Settings, Chest, Maximum size of file to be sent, mine I had previously set to 2048KB (2MB), changing that to 10000KB (roughly 10MB), a size greater than the actual size of the .msp file.
Having done that, I went to the chest again and clicked the email to Alwil Software and the form popped up, image2. So the problem was trying to send a file exceeding the maximum size; why it didn’t report that rather than simply not displaying the submit form, I don’t know.
You are 100% absolutely correct! Good thinking, David. I tested it on my settings as well, and have made the (10mb) change… that’s a nice round number. I’m glad you figured that out. Thank you.