Problem with Avast

delphi package - automated exception handling
bitusonline
Posts: 2
Joined: Thu Nov 19, 2015 5:27 pm

Problem with Avast

Post by bitusonline »

Hello friends,

I've been having trouble with Avast and MadExcept for a few months now.

Avast and MadExcept are updated to the latest versions.

Avast insists on deleting an exe that has MadExcept enabled.
The application has more than one executable; however, only one of them is deleted.

Avast detects infection with Win32: Evo-gen

Note: The deletion only occurs when the file is downloaded via the application's updater, which indicates that it is the on-demand analysis that is detecting this.

Is there any configuration of MadExcept or tip to minimize this?

Does MadExcept use some shared code from madCodeHook?
I believe that this module is a target of the antivirus.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem with Avast

Post by madshi »

Have you tried contacting Avast about the problem? There's really not much I can do here.

One method to avoid false positives is to code sign your EXE file. That usually takes care of most problems.

madExcept does not use madCodeHook. However, both are using some basic madCollection tool units (like madStrings, madTypes, madTools etc) and both use a little disassembler (madDisAsm). I'm not getting false positive reports from madCodeHook users any more often than from madExcept users. So I can't say that madCodeHook would have a bigger target on its back. But maybe this also has to do with most madCodeHook users having a code signing certificate. As mentioned above, that helps with avoiding false positives.
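
The code signing step suggested in the reply above, as an added example that is not part of the original thread and not code from the madExcept project: a release gate that signs every EXE in a build folder and refuses to publish if any of them lacks a valid Authenticode signature. The folder path, the timestamp URL and the presence of a code signing certificate in the current user's store are assumptions.

```powershell
# Added example. Assumed, not from the thread: $ReleaseDir, $TimestampUrl, and a
# code signing certificate already installed in Cert:\CurrentUser\My.
param(
    [string]$ReleaseDir   = 'C:\build\release',                  # hypothetical path
    [string]$TimestampUrl = 'http://timestamp.example.invalid'   # placeholder: your CA's RFC 3161 URL
)
$ErrorActionPreference = 'Stop'

# Pick an unexpired code signing certificate from the user's store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) { throw 'No unexpired code signing certificate found.' }

# Run this as the last build step: any tool that modifies an EXE after
# signing invalidates its signature.
$unsigned = @()
foreach ($exe in Get-ChildItem -Path $ReleaseDir -Filter *.exe -Recurse) {
    $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    if ($sig.Status -ne 'Valid') {
        # Timestamping keeps the signature verifiable after the certificate expires.
        Set-AuthenticodeSignature -FilePath $exe.FullName -Certificate $cert `
            -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null
        $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    }
    # Check every executable: in the thread only one of several was flagged.
    if ($sig.Status -ne 'Valid') {
        $unsigned += "{0}: {1}" -f $exe.Name, $sig.Status
    }
}

if ($unsigned.Count -gt 0) {
    $unsigned | ForEach-Object { Write-Warning $_ }
    throw 'Release blocked: not every executable carries a valid signature.'
}
Write-Output 'All executables are signed; the release can go to the updater.'
```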
bitusonline
Posts: 2
Joined: Thu Nov 19, 2015 5:27 pm

Re: Problem with Avast

Post by bitusonline »

Thanks for your reply.

Yes, I contacted Avast with no success.

I scanned the file on VirusTotal and nothing was found, including by Avast.
If I scan the directory with Avast, it does not find anything.

Avast detects the false positive only when the file is downloaded.

If I remove madExcept, then Avast stops detecting the false positive.

I suspect there is a combination of things it analyzes heuristically and bump...
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem with Avast

Post by madshi »

That's really sad. It's Avast's job to fix this problem, really. In theory you could sue them for harming your business, if they don't fix this problem quickly.

I wish there were anything I could do. But there simply isn't. It's totally out of my hands. It's Avast's screw up, not mine.

The only other thing you could do is use code signing, as I said before.
davidheffernan
Posts: 89
Joined: Thu Feb 23, 2012 12:22 pm

Re: Problem with Avast

Post by davidheffernan »

Doubt that you'd get anywhere suing. The AV vendors would say that it is up to their customers whether or not they run a specific AV tool.

These things are always going to happen. It's frustrating, but there's little that can be done. I suggest you get your customers to move off Avast and get a decent AV tool.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Problem with Avast

Post by madshi »

I wish somebody would try (suing) for once. I know that AV companies live between a rock and a hard place. Shame on them if they miss a real malware. Shame on them if they produce false positives. If an AV software works perfectly, you don't even notice it's there. It's not an easy job to do, and I do have some pity for that. However, that's no excuse to keep producing false positives repeatedly, even after they've been notified about a specific problem. Such a thing does hurt legitimate business, and IMHO is valid grounds for suing ("libel"). But I suppose the small players like us don't have the resources to do that...
davidheffernan
Posts: 89
Joined: Thu Feb 23, 2012 12:22 pm

Re: Problem with Avast

Post by davidheffernan »

It's pretty hard to sue the AV company. Their defence would just be to say that the user chose to use their software and can remove it if they wish.

Where I think it gets trickier is for monopoly AV software. So, if an OS vendor starts supplying AV software and the majority of users use it by default, then the choice defence is less compelling. I know that MS now ships their AV with Windows but they hesitated for a long time. I bet this issue was one that caused them to hesitate.

I personally think that most AV software is worse than none. I regard the cure as being worse than the disease. When I was doing top-down memory allocation testing of my 64 bit version, the only AV software I found that could operate in such a setting was MSE. It's the only AV software I've ever used that hasn't led to significant perf issues.