Immunet detects Avira as "GandCrab"-Ransomware ... false Positive or real issue?

[Christian Aichinger]

Hi community,

Yesterday's evening I've found out, that files within c:\Program Files (x86)\Avira\ are beeing detected als GandCrab Ransomware.
I have contacted/informed Avira about this issue, and they told me, that this could be a false positive, but they'll investigate.

So I was wondering If anyone else has the same issues, since I have the same issues on two different Computers, which are isolated via firewall.
And ... I only have this issue on Computers, where Avira is installed.

By the way - I know the thing, that Anti-Virus programs do often detect each other as false positives. But I've never had Issues with that.

I've done backups from the infected files, and can upload the encrypted archive for further checks.
But I'm not able to ensure, that this is really a false positive - so I didn't use the False/Positive-Form on the Immunet-Website so far.

Regards,

C.

[ritchie58]

Hi Christian,

I would also concur with the Avira devs that this is a False Positive. Most likely Immunet is detecting some of Avira's updated malware definition files as malicious.

When using Immunet as a companion AV to another product it has always been advised that you create a custom Exclusion rule with Immunet for the other AV's (Avira) entire Program Files folder if it's not already listed as a default Exclusion.

Also, create a exception/exclusion/allow rule with Avira for Immunet's Program Files folder too.

By doing this you can greatly reduce the chance of some sort of conflict occurring between the two AV's.

Give that a try Christian & let us know if the issue still exists after you create exclusion rules for both AV's.

Best wishes, Ritchie...