U J

AVG False Positives with Crashplan

Running AVG Internet Security - ver 21.8.3202- build 21.8.6586.695
(10 device licensed version good for another 7 months)
When Crashplan (a backup service) runs a silent upgrade, AVG Behavior Shield falsely detects this as a threat and blocks the silent upgrade from happening.
The threat is identified as IDP.HEUR.24
File Path               c:\Config.Msi\xxxxx.rbf
Process                 c:\Windows\System32\wscript.exe
Detected by       Behavior Shield

Selecting More Options and creating an exception does not appear to work unless I'm entering the exception incorrectly.

The following three exceptions are now listed without working...
C:\Config.Msi
C:\Config.Msi\*
C:\Config.Msi\*.*


Any help available to try and prevent the false positive from causing hours of cleanup this causes about every month when an update from Crashplan is released?
 
Best Answer chosen by U J
U J
Sreenu Yadavalli : Thank you for providing the bare minimum of support.
 

All Answers

Hari Shankar (Avast)
Hello,
Thank you for reaching AVG Support Community.
We'll certainly look into this and help you.
For better clarity, please share with us the screenshot of the threat message that you've received from AVG, so that we can check and assist you further.
Note: Please click on 'See details' on the threat message and then share the screenshot with us.
If you believe/confirm the threat pop-up has been falsely detected by AVG, then we would request you to submit the file to our developers for analysis. 
AVG False-positive site
Have you excluded the file, as mentioned in this article?
Also, please let us know your operating system.
Thanks for your understanding.
U J
Here's the picture as requested. 
When the silent install from Crashplan runs (about once a month) to update their software, AVG appears to block it - which causes the file to fail to run, and thus Crashplan has to be reinstalled. Adding in the exceptions as listed above has not stopped Behavior Shield from allowing the Crashplan silent update to proceed. I've been working with Crashplan and we have been able to re-create the issue, but it's a lengthy process for those steps to get a silent update to occur.
I've included the excludes in the original update - Can you confirm if these are written correctly based on the attached screenshot? 
U J
ps - the link you provided is down
https://support.avg.com/SupportArticleView?l=en&urlname=AVG-Antivirus-scan-exclusions
U J
Additional information -
The config.msi file is created when the Crashplan silent update downloads and starts the install process of their update. The *.rbf file name it contains changes each time. And once the Config.msi file completes, it is removed/cleaned off the system. Running on Windows 10.
Hari Shankar (Avast)
We appreciate your effort taken to share the screenshot with the necessary information. Could you please check and confirm whether the concerned application has been added to the allowed apps in AVG Internet Security? If it has been listed in the 'block app', please remove it and add the file path to the 'allow app'.
For more details, please refer to this article.
Also, please let us know if any other antivirus programs are installed on your PC.
If so, please uninstall them, add the concerned app in 'allow apps' and check the status.
 
U J
I currently (and have never had any) blocked or allowed apps explicitly listed in AVG. And when I go to 'allowed apps' to key in an app, the options to allow are either Ransomware Protection and/or Webcam Protection. Neither of these should be allowed.
Also – this False Positive is coming from Behavior Shield not the Ransomware or Webcam modules.
If there’s another area to allow an app in Behavior Shield, please let me know.

Picture included to show...
Note: Code42 Tray is Crashplan...

PS: All the links you have provided DO NOT work – they go to blank pages… May want to check them too…


 
Hari Shankar (Avast)
We sincerely apologize for the difficulties you are currently experiencing.
We've sent you an email that offered free additional support to investigate and resolve this issue.
Please check for the email and revert to us.
Thanks for your understanding in advance.
U J
While I appreciate the offer of the remote assistance service to remote into my computer and poke around, I cannot allow that for security purposes. However, I am available to speak with a representative to provide any information they need on the configuration of AVG. I would assume they would be able to verbally provide support without having to connect to my computer.
I'll respond on the email you sent. And thank you. 
Sreenu Yadavalli (Avast)
Hello U J,

We apologize for the inconvenience caused to you.
In order to analyze the website, we request you to submit the URL for analysis through this https://www.avg.com/false-positive-file-form website. 
If it is confirmed as safe, it will be whitelisted and the virus definitions database will be released through update.
You will also get the status updated via email.
Thank you and please keep us informed.

 
U J
Sreenu Yadavalli : Please actually read this thread and you will see the canned response you just gave was pointless. Please pass this issue onto someone else who will show a little more care in a response. This was not a website\url, it was AVG Behavior Shield preventing the Application Crashplan from providing a silent update. AVG Behavior Shield keeps identifying it as a false positive threat.
 
Sreenu Yadavalli (Avast)
Hello U J,

This isn't the experience we want you to have.
We're really sorry to know that you feel this way.
You can contact our AVG representative through this phone number and they will assist you further.

United States: +1 844 259 8811
If you still need assistance, please feel free to connect with our AVG additional remote support team with the link provided in the previous mail.
Thank you.

U J
Sreenu Yadavalli : Thank you for providing the bare minimum of support.
 
This was selected as the best answer
Hari Shankar (Avast)
Please accept our apologies, if you feel this way.
I request you to contact our AVG technical team by call, they will certainly help you to resolve this matter without any further delay. 