How to resolve false positive phishing detection by Avast antivirus?

Summary

Resolving Avast false positive phishing detections requires a multi-pronged approach. The primary step is to report the false positive directly to Avast, using their web form or email, and provide detailed information, including screenshots and Avast's bottom-left corner code. Simultaneously, checking the flagged file or URL with VirusTotal or other AV scanners can help determine if the detection is unique to Avast or a broader issue. Maintaining good email practices, such as using valid SSL certificates, reviewing content for spam triggers, and checking IP reputation, can prevent future false positives. If issues persist, direct contact with Avast support and, in some extreme cases, escalating to executive levels may be necessary. It's also crucial to keep systems malware-free and whitelist responsibly.

Key findings

  • Direct Reporting to Avast: Submit false positives to Avast via web form or email, including detailed info and the Avast code.
  • Secondary AV Scan: Use VirusTotal or other scanners to check for widespread detection, indicating a genuine threat.
  • IP Reputation Check: Verify that your sending IP is not blacklisted to avoid being incorrectly flagged.
  • Content Review: Eliminate potential phishing triggers like URL shorteners and suspicious language from emails.
  • SSL Certificate Validation: Ensure SSL certificates are valid and up-to-date to avoid triggering security flags.

Key considerations

  • Persistence Required: Resolving false positives may take time and require multiple attempts to contact Avast support.
  • Whitelisting Risks: Only whitelist items you are 100% sure are safe, as this could expose you to real threats.
  • Proactive Prevention: Good email practices, SSL validity, and malware checks can reduce the likelihood of future false positives.
  • Documentation Importance: Accurate and detailed documentation of the issue will help streamline the reporting process with Avast.
  • Escalation Path: In difficult cases, escalating the issue to higher levels of Avast support or even executive contacts might be necessary.

What email marketers say
12 Marketer opinions

Resolving false positive phishing detections by Avast antivirus involves a multi-faceted approach. Key strategies include reporting the issue directly to Avast through their web form or email support, providing detailed information and screenshots. It's also advisable to check the file or website using VirusTotal or a secondary AV scanner to confirm if it's a widespread detection or a false positive specific to Avast. Other recommendations include whitelisting the file or website in Avast (if you're sure it's safe), ensuring your website's SSL certificate is valid, reviewing your email content for suspicious keywords, checking your sending IP's reputation, and performing regular malware scans on your systems.

Key opinions

  • Report to Avast: Report the false positive directly to Avast via their website form or email support, providing detailed information and screenshots.
  • Secondary Scan: Use VirusTotal or a secondary AV scanner to verify if the detection is widespread or specific to Avast.
  • Whitelist: If confident in the file/website's safety, whitelist it in Avast to prevent future false positives.
  • Check IP Reputation: Ensure your sending IP address has a good reputation to avoid being flagged as a source of phishing.
  • Content Review: Review email content for potentially triggering keywords and phrases, aiming for a legitimate appearance.

Key considerations

  • Persistence: Resolving false positives can take time and may require repeated follow-up with Avast support.
  • Whitelisting Risks: Only whitelist files or websites if you are absolutely certain they are safe, as whitelisting could expose you to actual threats.
  • Holistic Approach: Employ multiple strategies, including reporting, scanning, and content review, for the best chance of resolution.
  • SSL Certificate: Make sure your SSL certificate is valid; invalid certificates can trigger false positive detections.
  • Regular Malware Scan: Run regular malware scans on your servers and computers to ensure they are not infected with malware that could be triggering the false positives.
Marketer view

Marketer from Email Geeks shares the solution to the Avast false positive issue: reporting the problem through the web form and one of the email addresses provided by Damon (customer.support@avast.com), having the customer report the issue from their business email, and attaching both a marked-as-phishing email header and a screenshot with the Avast bottom-left corner code. They got a positive answer within 24 hours.

January 2022 - Email Geeks
Marketer view

Email marketer from HowToGeek explains how to whitelist a file or website in Avast to prevent future false positive detections. This should only be done if you are sure the file or website is safe.

April 2021 - HowToGeek
Marketer view

Email marketer from Reddit mentions submitting the file as a false positive to Avast. They recommend providing as much detail as possible about the detection and why it's incorrect.

June 2024 - Reddit
Marketer view

Email marketer from Malwarebytes Forum recommends uploading the file to VirusTotal to see if other antivirus vendors flag it. If only Avast flags it, it's more likely a false positive.

September 2024 - Malwarebytes Forum
Marketer view

Marketer from Email Geeks shares a list of where to submit false-positive phishing or virus reports today: https://gist.github.com/skmedix/6cdce9d6d3b464c1bd719b72d1f6bce4

April 2022 - Email Geeks
Marketer view

Email marketer from Webmaster Forum suggests making sure your website's SSL certificate is valid and up-to-date. Invalid certificates can trigger false positive detections.

August 2022 - Webmaster Forum
Marketer view

Email marketer from Cybersecurity Blog recommends running regular malware scans on your servers and computers to ensure they are not infected with malware that could be triggering the false positives.

October 2022 - Cybersecurity Blog
Marketer view

Marketer from Email Geeks shares his experience with a client encountering Avast/AVG false positives. He recommends sending emails to customer.support@avast.com and support@business.avast.com with a screenshot of the Avast code in the bottom left corner, and sending the email every hour until a response is received. It took 4 days and a CEO-to-CEO message before they finally took action.

July 2023 - Email Geeks
Marketer view

Email marketer from Email Marketing Tips recommends reviewing email content for suspicious keywords or phrases that could trigger phishing filters. Reduce the use of such terms and make your email look more legitimate.

August 2022 - Email Marketing Tips
Marketer view

Email marketer from StackExchange suggests using a secondary AV scanner to confirm the detection. If the secondary scanner doesn't detect anything, it's more likely a false positive.

October 2024 - StackExchange
Marketer view

Email marketer from Avast Community Forum recommends contacting Avast support directly if the online submission doesn't resolve the issue. They may require more information or be able to provide a faster resolution.

August 2024 - Avast Community Forum
Marketer view

Email marketer from Spamhaus Forum suggests checking the IP reputation of the sending server. If the IP is blacklisted, it could cause false positive detections. Use tools like Spamhaus Block List Checker.

April 2021 - Spamhaus Forum
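
The IP reputation check can also be scripted as a DNSBL lookup. The sketch below is an added example, not code from any of the sources quoted here: it builds the query name for the Spamhaus ZEN zone and separates a real listing from the 127.255.255.x error replies that Spamhaus returns when a query cannot be served (for instance when it arrives through a public resolver). The function names are hypothetical and 192.0.2.10 is a documentation address.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # Spamhaus combined zone

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []  # NXDOMAIN: the IP is not listed
        raise          # a resolver failure is not a clean result
    return sorted({info[4][0] for info in infos})

def check_ip(ip, resolve=system_resolver):
    """Classify one sending IP as not-listed, listed or query-error."""
    answers = resolve(dnsbl_name(ip))
    if not answers:
        return ("not-listed", [])
    # 127.255.255.x is an error reply from the list operator, not a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        return ("query-error", answers)
    listed = sorted(a for a in answers if a.startswith("127.0.0."))
    return ("listed", listed) if listed else ("unknown-reply", answers)

if __name__ == "__main__":
    # Live lookup; needs a resolver that Spamhaus accepts queries from.
    print(check_ip("192.0.2.10"))
```

Treat a `query-error` result as "no answer" rather than as a listing, and rerun the check through your own resolver.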

What the experts say
3 Expert opinions

Resolving false positive phishing detections by Avast involves directly reporting the issue via Avast's designated channels and providing detailed information about the flagged content. Reviewing email content to avoid triggering spam or phishing filters is also crucial.

Key opinions

  • Direct Reporting: Report false positives directly to Avast through their official false positive reporting form.
  • Detailed Information: Provide comprehensive details about the falsely flagged content to assist Avast in their investigation.
  • Content Review: Carefully examine email content to identify and eliminate any elements that might be mistakenly identified as phishing attempts.

Key considerations

  • Communication: Establishing open communication with AV vendors is crucial for resolving false positives effectively.
  • Spam Triggers: Be mindful of common spam and phishing triggers in email content, such as URL shorteners and suspicious language.
  • Avast's Database: Avast maintains its own database, requiring direct submissions for analysis and resolution of false positives.
Expert view

Expert from Word to the Wise advises reviewing your email content for anything that might trigger a phishing flag. This includes URL shorteners, suspicious language, and anything that might be considered 'spammy'.

July 2022 - Word to the Wise
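
A pre-send content review of this kind can be automated. The following is an added example, not code from Word to the Wise or Avast: it parses the HTML body of a message and reports links through URL shorteners, trigger phrases, and (an extra heuristic not mentioned on this page) link text that shows a URL for a different host than the link target. The shortener and phrase lists and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists and an extra text/href check (assumptions, not Avast's rules).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
PHRASES = ("verify your account", "account suspended", "confirm your password")

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url  # let urlparse treat a bare "www.x.com/..." as a host
    return (urlparse(url).hostname or "").lower()

def review(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if host(href) in SHORTENERS:
            findings.append(("shortener", href))
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            findings.append(("text-href-mismatch", href))
    findings += [("phrase", p) for p in PHRASES if p in html.lower()]
    return findings

SAMPLE = (  # constructed message
    "Subject: Your invoice\nContent-Type: text/html\n\n"
    '<p>Please verify your account.</p><a href="https://bit.ly/abc123">Pay</a>'
    '<a href="https://billing.example.net/pay">https://www.example.com/pay</a>'
)
```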
Expert view

Expert from Email Geeks shares the Avast website link for reporting false positives, https://www.avast.com/false-positive-file-form.php, and explains that they maintain their own database, so direct reporting is necessary.

January 2022 - Email Geeks
Expert view

Expert from Spam Resource explains that when dealing with antivirus vendors and false positives, it is important to establish a line of communication and provide detailed information about the falsely flagged content.

June 2021 - Spam Resource

What the documentation says
4 Technical articles

Resolving false positive phishing detections involves submitting the flagged file or URL for analysis. Avast provides an online submission form for this purpose. While Microsoft Defender's submission process offers a similar approach, using VirusTotal allows you to analyze files and URLs with multiple antivirus engines to determine if the detection is unique to one vendor or a broader concern. Additionally, adhering to general anti-phishing guidelines from sources like SANS.org helps to ensure that your content is not genuinely suspicious and is less likely to be falsely flagged.

Key findings

  • Direct Submission: Submit flagged files/URLs directly to Avast's virus lab for analysis using their online form.
  • Multi-Engine Analysis: Utilize VirusTotal to analyze files/URLs with multiple antivirus engines, helping to identify if the detection is a false positive specific to one vendor.
  • Process Parallels: Microsoft Defender's submission process provides a comparable approach for handling potential false positives.

Key considerations

  • Proactive Prevention: Following general anti-phishing guidelines can reduce the likelihood of your content being falsely flagged as malicious.
  • Third-Party Validation: VirusTotal offers a valuable third-party validation step to assess the legitimacy of antivirus detections.
  • Vendor-Specific Processes: Each antivirus vendor may have its own specific process for reporting and resolving false positives.
Technical article

Documentation from SANS.org offers general advice on avoiding phishing tactics, such as checking links carefully and avoiding suspicious attachments. While not directly about false positives, following these guidelines helps ensure that you are not spreading actual phishing.

April 2023 - SANS.org
Technical article

Documentation from Microsoft.com explains how to submit files for analysis if Microsoft Defender is flagging them as malicious. While not directly about Avast, this outlines a similar process for another major AV vendor.

August 2021 - Microsoft.com
Technical article

Documentation from Avast.com explains that users can report false positives by submitting the file or URL to Avast's virus lab for analysis. This can be done via an online submission form.

September 2024 - Avast.com
Technical article

Documentation from VirusTotal.com explains how to use their service to analyze files and URLs with multiple antivirus engines. This can help determine if a detection is a false positive.

April 2024 - VirusTotal.com