NO
« previous next »
Pages: [1]   Go Down

Author Topic: Avast marks older generated executables as suspicious  (Read 5788 times)

Franzki

  • Guest
Avast marks older generated executables as suspicious
« on: February 11, 2013, 10:06:21 PM »
Since a few weeks Avast antivirus (free version) marks some of the executables produced with PellesC as suspicious (Win32: Evo-gen[Susp]) and moves them to the viruschest as soon as I try to execute them. When I scan the file no virus is found.

I compiled and linked these executables with older versions of PellesC. They all are small console applications.
Logged

Tino

  • Guest
Re: Avast marks older generated executables as suspicious
« Reply #1 on: February 12, 2013, 06:24:25 AM »
Hi :)

Here is an older thread wich contain many infos about that topic.
http://forum.pellesc.de/index.php?topic=4675.msg17970#msg17970

Hope it does help you.

Have fun :)
Logged

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Avast marks older generated executables as suspicious
« Reply #2 on: February 12, 2013, 08:05:32 AM »
Quote from: Franzki on February 11, 2013, 10:06:21 PM
Since a few weeks Avast antivirus (free version) marks some of the executables produced with PellesC as suspicious (Win32: Evo-gen[Susp]) and moves them to the viruschest as soon as I try to execute them. When I scan the file no virus is found.

I compiled and linked these executables with older versions of PellesC. They all are small console applications.
Complain to Avast (open a trouble ticket with them). I don't have any troubles with it myself, with the exception that newly created programs are triggering the question if AVast should run it in a sandbox, but that is at least in my case intended behaviour...

Ralf
Logged

Franzki

  • Guest
Re: Avast marks older generated executables as suspicious
« Reply #3 on: February 19, 2013, 09:18:43 PM »
Things are getting worse...  >:(

I just tried to compile a "Hello World" program and even that isn't working anymore.

Using PellesC 6.5 RC4 right now... I could try an update...

[EDIT]
Just opened a ticket... let's see if it helps.



« Last Edit: February 19, 2013, 11:27:35 PM by Franzki »
Logged

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Avast marks older generated executables as suspicious
« Reply #4 on: February 20, 2013, 02:37:06 AM »
Quote from: Franzki on February 19, 2013, 09:18:43 PM
Things are getting worse...  >:(

I just tried to compile a "Hello World" program and even that isn't working anymore.

Using PellesC 6.5 RC4 right now... I could try an update...

[EDIT]
Just opened a ticket... let's see if it helps.
Well, I am using the latest free version of AVast! myself on both XP and Windows 7 (and Pelle's C 7.00.355) with no such problems.
I did have a problem with the download of Orange C (after it was mentioned in another thread) and that was fixed by them a few days later after I opened a trouble ticket with them about that.

EDIT: Well, after the latest definition updates of AVast, this is now giving me again false positives and I have filed another FP report with them...  :(

Ralf
« Last Edit: February 20, 2013, 06:14:35 PM by Bitbeisser »
Logged

Franzki

  • Guest
Re: Avast marks older generated executables as suspicious
« Reply #5 on: February 20, 2013, 08:39:20 PM »
They marked my ticket as "solved". But I received no reply or feedback about what was changed.

My "Hello World!" program is working again... but they seem to have applied a really weird fix.

An old executable of an other console project is still marked as "suspicious" and is removed to the Virus Vault... but after a rebuild with identical project options it is not suspicious anymore.

Only five bytes have been changed if I do a binary filecompare:

Quote
C:\>fc pi.exe pi_.exe /b
Bezig met het vergelijken van bestanden PI.exe en PI_.EXE
00000088: D9 61
00000089: 22 DB
0000008A: 25 23
000000D8: 9A 00
000000D9: B6 00
Logged
Pages: [1]   Go Up
« previous next »