Archive: AVG Spyware and false positives


I just thought I would mention this. I downloaded the NSIS installer package from SourceForge and AVG Antispyware is reporting it as infected by dropper.pates. Can't work out how to report on the AVG site, as you need AVG anti-virus (which I don't use) to register to use the site's forums. Ho hum.

bye

Steve


Report it to virus@grisoft.com. Really weird it happens as AVG Antispyware uses NSIS... Make sure to add more details to your report. I have not been able to reproduce this without specific version numbers.


Thanks for the info. This morning I removed the exceptions rule I created to install NSIS, so as to get a screen dump of the detection screen, and scanned again - guess what: no problems found!!!! Wish I had done this yesterday!!


I'd like to make a comment on this:

I'm using Trend Micro PC-cillin 2007, and by default it has a filter called "Suspicious Software Alarm System" enabled that monitors all programs and pops up a warning if something "mysterious" happens.

I noticed that while installing my own NSIS installer, the warning popped up several times. This is not a virus but a spyware warning, but I guess it's because I write things to the registry (or I guess it could be that it reacts to the same thing as virus scanners usually do; the internet access thingy).

You have to manually click "Allow" - and I think the NSIS installer is halted until you do so. Not sure if this has any negative effects on the install or not.

Is this something one should report to Trend Micro?

I've disabled the feature, so I'm not 100% sure it hasn't already been 'fixed' through an update.

[edited] I didn't read the opening post thoroughly enough, and thought it was about antivirus, when in fact it seems it was the same problem I'm reporting, only in a different software package. [/edited]


Nothing to report in this case. Installing software is a suspicious activity after all. Registering DLLs, moving files into the Program Files or Windows directories, or even writing to the registry can have a lot of effects on the system. If Trend wants to give their users an option to closely monitor every such activity, it's their decision.

It's not a case of a false positive because it hasn't identified the installer as something it's not. It merely gave it the same treatment it gives every other program on the system. Whether you, as a user, like to be bugged for every activity taken on your computer, is up to you. Some users like to take full control, most don't.