Win32:Evo-gen [Susp] on NSIS is Getting Ridiculous...

I am really starting to get frustrated. Many of my users use Avast AV and I keep getting complaints that avast is marking my installer with this absurd detection.

Why are you guys detecting NSIS?! Do you even bother to make sure that you’re not detecting legitimate code?

Seriously, avast needs to step it up, stop being lazy, and make more targeted detections.

I can’t sit for hours and explain how to add exclusions in Avast. You need to be more careful with your detections.

Sincerely,
annoyed

examples: https://www.sendspace.com/file/0de9hv
password: falsepositive

well … avast is not alone :wink:
https://www.virustotal.com/nb/file/bacec1b2d8bc563d2ab255f1536a2de2819723ec895f0e61ced0bec533e05d20/analysis/1407283734/

New file at VT: first submission 2014-08-06 00:08:54 UTC (1 minute ago)

Why are you guys detecting NSIS?! Do you even bother to make sure that you're not detecting legitimate code? Seriously, avast needs to step it up, stop being lazy, and make more targeted detections.
sounds easy ..... maybe you can tell them how to?

The AV-TEST Institute registers over 220,000 new malicious programs every day.
http://www.av-test.org/en/statistics/malware/

20% of all malware ever created appeared in 2013
http://press.pandasecurity.com/news/20-of-all-malware-ever-created-appeared-in-2013/

So this is the price we pay for trying to detect all this with automated analysis systems and generic/heuristic detection: there will be some false positives … all AVs have that.
What will you say if one malware slips past avast :-\ As you know, no security program has 100% detection.

Sorry, it seems I downloaded the wrong file and tested it above … anyway, it seems that site has malicious files for download.

these are from your files
https://www.virustotal.com/en/file/004405c3df5e6a8d8d235b6a1d10680f0dbe9ce28f85dfb5858fb71c7cf5a8d6/analysis/1407284642/
https://www.virustotal.com/en/file/ded053a20663409d791b3ee25391ad965a47b8b7faccfb0399ed4745820b382f/analysis/1407284657/
https://www.virustotal.com/en/file/ad195d0e0b1015e7162423b80204eb2fb77fe14aeb1c6f90d06862e07ca4751a/analysis/1407284667/

Hi Pondus,
My users are specifically complaining of Avast reporting that detection. I’ve seen screenshots myself of the Avast alert. I just sent the files I uploaded for you to a user with Avast and he confirmed Avast was still tagging it.

I think VirusTotal does not have advanced heuristics enabled for their Avast distribution (or whatever sort of heuristics which cause this detection).

I’ll contact the other Antiviruses that are tagging it as well, but they’re not very major, and Avast is, which is why it’s a very annoying problem.

Please scan it locally with your own Avast (if possible).

Thanks for the quick reply.

Win32:Evo-gen [Susp] = Suspicious (may happen with new files!) is an on-access detection only and will not show on a VirusTotal scan.

You can report it using one of these options … you may add a link to this topic in case they reply here.

You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)

You can use mail:
send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21

Will do.
Thank you.

Do you digitally sign your applications and installers?

https://www.metascan-online.com/en/scanresult/file/a010e365e4414b9ea17649192abdccdc

What version of NSIS are you using ?

Hi,
I’m using the latest version of NSIS (3.0 b0)

I contacted F-prot (their DB is shared with Commtouch) and they have confirmed they have removed the FP from their db.

Also I’m not spending $500+ for a digital signature, I distribute free software!

If you haven’t done so already, report it to avast too.
Tested things and have the same problem with everything created with nsis.

Detection was fixed in the latest update VPS.

Hi,
I see that Avast has removed the detections I reported; thank you, it’s nice to know Avast acknowledges false positives.

Here are 3 more samples from NSIS, reported to me by a friend, that Avast is tagging with Evo-gen:

https://www.sendspace.com/file/3d8bbo
pass: falsepositive

Virustotals of them (note Evo-gen does not show on VT):

https://www.virustotal.com/en/file/71173992479d756dcfed0eeb747bdf946ddbbb67fcb4b85fbf39cd613f5bfd75/analysis/1407660082/
https://www.virustotal.com/en/file/736ed2e8006868b78bb218e5c282b0feb314a719a7c9b617e87ad960143f2054/analysis/
https://www.virustotal.com/en/file/d894715d1a1bba219994a21978b537416caadcfe02c504af981908883213db26/analysis/ (<- I already contacted Ahnlab about this and they are removing it)

Please keep reporting any false positive you run into.
Things can’t be fixed if they don’t know if something is broken :wink:

But as you have noticed, avast (our big brother) is listening ;D

Reported to /virus analyst

All fixed, thanks for the report :-D!

I am also having this issue! Needs to be fixed asap.

As HonzaZ said, the problem is already fixed.
I tested it and it is.

This is a different, but similar problem. Read my post, thanks.

Unfortunately (I do not report again).
Please use the support ticket:

https://support.avast.com/Tickets/Submit

see the title topic
(awaiting approval by a moderator)

https://forum.avast.com/index.php?topic=153530.msg1116034#msg1116034