Sign in to follow this  

Recommended Posts

THis is going to be a major job now to restore my files from all over the harddisk from the Quarantäne of AdAware. Actuially i am dissapointed from the high rate of (surely) false positives.

 

I have uses Avira before and and i had only a few false positives. I could send them in and they removed the problem very fast.

 

Now i switched to AdAware because i was not happy with the Stability of the latest AVIRA product.

 

As a result that i have now AdAware, i just got 156 (i am sure) false positives mostly own code programmed in PowerBasic.

 

I am not going to post all my personal programms here in the forums to get this problem removed.

 

I expect like with other vendors like AVIRA an mail or FTP where i can upload false positives.

They have to be checked and the problems have to be removed.

 

Actually this program destroys ma daily work here on this computer.

 

How can i make sure this is going to be fixed in newer versions?

Otherwise i may remove this thing from my system as fast as i got it here.

------------------------------------

I want to add something about Usability.

 

If i click on "Berichte" (Reports?) then i see the infection type that was assumed.

If i click on "Quarantäne" there is a BUtton "Wiederherstellen" (Restore?) that can restore the file.

 

This way necessary informations are split on different tables.

 

i would need to see what file is actually infected and what infection is assumed.

So i can possibly upload it to "Virus Total" to get an additional check of the file.

 

I am missing a table where i can see:

- filename and path,

- infection type,

- and chance to decide -restore or delete

 

also i would like at this place a

- "submit false positive" button. So i can submit false positives and help this program to get a bit better.

 

Let me say that from design and stability the AdAware ios very good.

However if it makes so many false positives and destroys ma programs, i can not use it. I need a sollution.

Edited by theogott

Share this post


Link to post
Share on other sites

Hi theogott,

 

You can upload the files here, since it will only be possible for Lavasoft staff to download the files posted in this forum.

Please, follow the guide http://www.lavasoftsupport.com/index.php?showtopic=18033 to give Lavasoft all the information they need to be able to investigate the files.

 

Usually definitions are updated within a few working hours, but it may take longer time now due to vacations.

 

To see which file that is in the quarantine and its original location (path/folder), please double-click anywhere in the line in the list on the Quarantine tab.

Share this post


Link to post
Share on other sites

Hi theogott,

 

Thanks for letting me know. For the moment, the quickest way to get those files to me would be via Dropbox. If you have a Dropbox account, send me a PM with the email address you use for the Dropbox account so I can share a folder with you.

 

Regards,

 

Andy

Lavasoft Malware Labs

Share this post


Link to post
Share on other sites

Hallo Andy, thanks for your quick Reply. That shows me that you are confident and looking to get your product clean from false alerts.

Thats important for me, because i only use such products where people are behind the product.

.

I have already uploaded the most important pieces, many of the other alerts were just duplicates.

Some others were indeed Sort of Hacks, these i have not uploaded.

After these are resolved i will see how the situation is.

I have Dropbox and when i get more Alerts after next few Updates I will send you the PM with my Dropbox Account and we will use this way.

 

 

Please note that i would also like an easy way to report false positives from inside the product ("Send false positive") or like that,

 

>To see which file that is in the quarantine and its original location (path/folder), please double-click anywhere in the line in the list on the Quarantine tab.

Which is not really user-friendly as it is now.

At least an easy way to handle these situations, actually i have to click 5 or 6 times to get things repaired and files back.

Also i clicked sometimes mistakenly double on "Wiederherstellen" (Restore?) and then i have no chance to find that file again.

 

Thanks ...

Theo

 

PS: Skype "theogott"

Edited by theogott

Share this post


Link to post
Share on other sites

Hi,

The results of the re-analysis are attached as a .csv file.

 

Several files were false positives; others were too nondescript to make a judgment; a couple were malicious.

If you would like further analysis on the files that were not classed as FPs, please provide more information pertaining to where the files came from and what they’re used for.

 

Regards,

 

Andy

Lavasoft Malware Lab

 

DetectionsAnalyzed.csv.zip

Share this post


Link to post
Share on other sites

Ok, several updates later thes ituation is not better.

Especially files that are definitely no viruses and that i have reported are still found.

Compared to Avira, the system here is more difficult. Here it looks like i have to proof if a file is not a virus. But this is your job.

 

Normally i just send the file in and there must be people testing the file or having the file going through a testing process that will proof the file is safe.

 

I did not check through all the (now) 165 files that are reported. But some of them i have already sent in especially:

- SED:MACROS.exe is definitely no VIrus or such (I have the source code, its just a Text Database App).

 

Further fals positives....

- Atomic FTP Server.exe.is an example program from the Purebasic package.

- pec2.exe is a runtime packer and not a virus.

- masm32 example-file "download.exe" is just a programming example that used MASM32.

 

Just a quick look.

 

As the number increased now to 165 and did not get better but worse, I need to change something.

 

This Anti-Virus my be good for a normal household PC. But for a programmers PC it makes a lot of trouble.

And its not my job to check that your programm does not mark false positives.

 

post-104304-0-32018000-1374583819.png

If i look at all those 165 cases, It will need a full workday. Especially as there are files that i have already reported as false positives, i see currently no chance to get this thing cleaned up.

I'll remove this licence from my computer and give it to somebody else for a household computer..

Edited by theogott

Share this post


Link to post
Share on other sites

Hi thegott,

It's more that the files share attributes with malware (or in some cases, can be considered hack tools) - to remove or edit the detection routines to allow for one user means that the rest of our user base are less protected.

I understand that this is frustrating for you, although it is possible (but probably tedious for you) to add those files to the ignore list, or alternatively, use Ad-Aware on non-development machines.

Regards,

Andy
Lavasoft Malwae Labs

Share this post


Link to post
Share on other sites
Sign in to follow this