Jump to content
Christian Aichinger

Immunet detects Avira as "GandCrab"-Ransomware ... false Positive or real issue?

Recommended Posts

Hi community,

Yesterday's evening I've found out, that files within c:\Program Files (x86)\Avira\ are beeing detected als GandCrab Ransomware.
I have contacted/informed Avira about this issue, and they told me, that this could be a false positive, but they'll investigate.

So I was wondering If anyone else has the same issues, since I have the same issues on two different Computers, which are isolated via firewall.
And ... I only have this issue on Computers, where Avira is installed.

By the way - I know the thing, that Anti-Virus programs do often detect each other as false positives. But I've never had Issues with that.

I've done backups from the infected files, and can upload the encrypted archive for further checks.
But I'm not able to ensure, that this is really a false positive - so I didn't use the False/Positive-Form on the Immunet-Website so far.

Regards,

C.

Share this post


Link to post
Share on other sites

Hi Christian,

I would also concur with the Avira devs that this is a False Positive. Most likely Immunet is detecting some of Avira's updated malware definition files as malicious.

When using Immunet as a companion AV to another product it has always been advised that you create a custom Exclusion rule with Immunet for the other AV's (Avira) entire Program Files folder if it's not already listed as a default Exclusion.

Also, create a exception/exclusion/allow rule with Avira for Immunet's Program Files folder too.

By doing this you can greatly reduce the chance of some sort of conflict occurring between the two AV's.

Give that a try Christian & let us know if the issue still exists after you create exclusion rules for both AV's.

Best wishes, Ritchie...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...