Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Avast false positives InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Avast false positives

Published: 2009-12-03
Last Updated: 2009-12-03 11:04:57 UTC
by Mark Hofman (Version: 1)
2 comment(s)

We have received a number of reports of Avast Antivirus false positives (Thanks Ken, Don,  Luca & others).   With a recent update the Avast antivirus product have started identifying legitimate products as containing Win32-Dell-MZG.  The Avast forum is awash with some of the products that have been tagged, many of which are known to be good and have been functioning quite normally. 

The recommendation at the moment is to not reply delete or quarantine files as this may fry the product they belong to (a few readers are currently reinstalling applications).  As far as we know the files are consistently identified as Win32-Dell-MZG so if others pop up there is a fair chance that these are legit.

Mark 

Update

A new update was released fixing the issue.  091203-1.  If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine.  For those that were affected I recommend you keep an eye on the Avast blog http://forum.avast.com/index.php?topic=51647 as they are working on some how to's to help fix any issues. 

 

2 comment(s)
Diary Archives