Why is Avast! blocking MonoDevelop? :D

Discussion in 'General Discussion' started by Deleted User, Nov 26, 2017.

  1. Deleted User

    Deleted User

    Guest

  2. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    21,144
    False positive. Google's suggestions for reading can fill you in on what these are.

    https://www.google.com/search?q=false+positive+anti+virus

    Easiest way to verify is to upload the file to VirusTotal and allow it to scan it with their 70+ anti-virus programs.

    https://www.virustotal.com

    If there is a legit virus then the majority of their programs will report a problem. If only a few do, it's a false positive.
     
  3. nat42

    nat42

    Joined:
    Jun 10, 2017
    Posts:
    353
    I think the advice to check multiple programs with something like VirusTotal is likely good, but possibly neglects the possibility of being in the brief window when your AV manufacturer may be amongst the first to recognise a threat.

    Another data point that you can take with another grain of salt is that instead of detecting any threat by signature (which is also prone to false positives, don't get me wrong) this was triggered by "behaviour" and is very general (the threat name is "IDP.Generic").

    Because IDEs create and spawn executables, as well as debugging them, behaviourally they can trip antimalware software occasionally.
     
  4. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    21,144
    Likewise there's the problem that not every anti-virus is aware of every threat. According to an article from 2010 even the best anti-virus programs only detect between 40 and 70% of the infections. This is why I like to throw a file at VirusTotal rather than just rely on my single anti-virus.

    https://www.livescience.com/9997-malware-threat-outpaces-antivirus-software.html
     
  5. nat42

    nat42

    Joined:
    Jun 10, 2017
    Posts:
    353
    Yeah, I've been known to use it myself ;) I just think it's wise to still exercise some caution (take it with some grain of salt) when your chosen AV is amongst the few to detect a threat. Of course, by the time I've sent it to VirusTotal I've possibly at least looked at what symbols can be seen in the executable in a hex editor or something and formed some opinion on how suspicious/untrustworthy I find the file.
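
Added example, not part of any post in this thread: a triage function that combines the "majority of engines" rule with the two caveats raised above (a recently first-seen file, and generic or behavioural detection names such as "IDP.Generic"). It reads the `last_analysis_results` and `first_submission_date` fields of a VirusTotal API v3 file report; the thresholds, the marker list, the engine names and the sample reports are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MAJORITY = 0.5      # assumed cut-off for "the majority of engines"
FRESH_DAYS = 7      # assumed length of the "brief window" after first submission
GENERIC = ("generic", "heur", "idp.", "behav")  # assumed markers of non-signature names

def triage(attrs, now):
    """attrs: the 'attributes' object of a VirusTotal v3 file report."""
    results = attrs["last_analysis_results"]
    # Ignore engines that timed out or do not support the file type.
    scored = {e: r for e, r in results.items()
              if r["category"] in ("malicious", "suspicious", "harmless", "undetected")}
    flagged = {e: (r.get("result") or "") for e, r in scored.items()
               if r["category"] in ("malicious", "suspicious")}
    ratio = len(flagged) / len(scored) if scored else 0.0
    first_seen = datetime.fromtimestamp(attrs["first_submission_date"], timezone.utc)
    age_days = (now - first_seen).days
    generic_only = bool(flagged) and all(
        any(m in name.lower() for m in GENERIC) for name in flagged.values())
    if not flagged:
        verdict = "no detections"
    elif ratio >= MAJORITY:
        verdict = "likely malicious"
    elif age_days < FRESH_DAYS:
        verdict = "inconclusive: re-scan later"   # few engines, but they may be first
    elif generic_only:
        verdict = "likely false positive"
    else:
        verdict = "inconclusive: inspect manually"
    return {"flagged": len(flagged), "engines": len(scored), "age_days": age_days,
            "generic_only": generic_only, "verdict": verdict}

def sample_report(flagged, total, first_seen):
    """Constructed report; engine names are placeholders, not real products."""
    results = {f"Engine{i}": {"category": "undetected", "result": None}
               for i in range(total)}
    for i, name in enumerate(flagged):
        results[f"Engine{i}"] = {"category": "malicious", "result": name}
    return {"first_submission_date": int(first_seen.timestamp()),
            "last_analysis_results": results}

NOW = datetime(2017, 11, 27, tzinfo=timezone.utc)  # constructed scan date
JUNE = datetime(2017, 6, 1, tzinfo=timezone.utc)
OLD_GENERIC = sample_report(["IDP.Generic"], 70, JUNE)
FRESH_FEW = sample_report(["IDP.Generic", "Trojan.Sample.A"], 70,
                          datetime(2017, 11, 25, tzinfo=timezone.utc))
WIDE = sample_report(["Trojan.Sample.A"] * 40, 70, JUNE)

if __name__ == "__main__":
    for label, rep in (("old_generic", OLD_GENERIC), ("fresh_few", FRESH_FEW), ("wide", WIDE)):
        print(label, triage(rep, NOW))
```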