In very rare cases, Avast may detect and block some programsor website pages as a virus, although you know for sure it’s safe. These wrong detections are called false positives. If such false-positive detection prevails after the virus definitions update, you may want to exclude the detected software or website from the Avast scan.
This is a perfect fix when Avast is blocking one of your favorite programs, but you still want to run/allow it. In the past, Avast was blocking some of the most popular software (Steam for example) for a short period of time. To be fair false-positive detection happens basically to every antivirus on the market, it’s not just Avast.
Anyway, we strongly recommend scanning the file/webpage also through some other virus engines to make sure it’s really clean. For this, you can use a free online scanner VirusTotal. Sometimes you may think the file/URL are safe but they are actually infected and it’s not just Avast which is detecting them.
Avast Security for Mac. Think different about Mac security. Download Free. Essential security. Premium security. 30-day money-back guarantee. Select specific files or folders for faster, targeted scans. Scheduled Scan. Schedule scans for when you’re sleeping or away from your Mac. Free Antivirus 2018 License key + Activation Code For [ Windows + MAC ] is a family group that of security applications developed by Avast Software for Microsoft Windows, macOS, Android os, and iOS. Free Antivirus 2018 License key + Activation Code For [ Windows + MAC ] services and products consist of free and proprietary variations computer that offers, web browser.
What Is A Custom Scan
Quick Summary
- Make sure the blocked file or webpage is not malicious by testing it at www.virustotal.com
- Add it as an exception by going to Settings » General » Exclusions
- Confirm by clicking OK
Read more detailed steps and other options including screenshots below.
In this guide, you will learn how, but we strongly suggest using exclusions only when you’re an advanced user. There are three basic types of exclusions/exceptions in the Avast Antivirus 2019:
- Global exclusion list of the folder/file/program/application from being scanned at all
- Global exclusion list of the website/URL from being scanned at all
- Exclusions in the specific shield (File System Shield, Mail Shield, or Web Shield)
Global Whitelist – Exclude Specific Folder/File/Program/Application from All Avast Scans
If you want to add the exception for the specific website, domain, or URL from being scanned by Avast, follow these steps. This is so-called Global Whitelist or Exclusion List.
- Open the Avast user interface and go to ‘Settings‘ » ‘General‘
- Find the tab ‘Exclusions‘ and add specific programs to the ‘File paths‘ tab
- Added applications and/or paths will now be excluded from any Avast scanning
Adding File/Folder/Program Exception into Avast 2019
On the screenshot above you can see that application ‘FileZilla FTP Client‘ and ‘DAEMON Tools Lite‘ are excluded. Such exceptions also apply to all sub-folders on these folders as we have used ‘/*’ in the path.
Global Whitelist – Exclude Specific Website/URL from All Avast Scans
If you want to add the exception for the specific Avast shield, follow these steps.
- Open the Avast user interface and go to ‘Settings‘ » ‘General‘
- Find the tab ‘Exclusions‘ and add specific websites or URLs in the ‘Urls‘ tab. Please note ‘http://’ will be added automatically, so if you want to exclude Yahoo, just type yahoo.com. Please note you need to differentiate between ‘http://’ and ‘https://’
- Added websites/URLs will now be excluded from any Avast scanning
Adding Website/Domain/URL Exception into Avast 2019
On the screenshot above you can see that URLs ‘https://www.gmail.com‘ and ‘http(s)://.gmail.com‘ are excluded. Such exception also applies to all pages on these domains as we have used ‘/*’ in the path.
Add Exception for Specific Avast Antivirus Shield (File System Shield, Mail Shield, or Web Shield)
If you want to add the exception for the specific Avast shield, follow the steps further.
- Open the Avast user interface and go to ‘Settings‘ » ‘Active Protection‘
- Select the shield (File System, Mail, or Web) for which you want to add the exception, and click on ‘Customize’ link
- Find the menu item ‘Exclusions‘ and add the item you want to exclude from scanning by the specific Avast shield. You can also specify when the exclusion applies (for reading, writing, or executing)
- Please note that global exclusions are always applied although they aren’t listed in the specific shield. Also please note a lot of items are listed there by default
Adding Specific Shield (File System, Mail, or Web) Exception into Avast 2019
On the screenshot above, you can see many items are excluded from the File System Shield scan by default. We haven’t added any of them.
[IMPORTANT] Restart All Avast Shields to Make Exclusion Work
After you successfully add the file or webpage to exclusions you need to actually restart all Avast shields to make it work. Otherwise, Avast will keep detecting and blocking it as a threat.
- Find Avast icon in the Windows system tray (click on the top arrow)
- Go to ‘Avast shields control‘ » ‘Disable for 10 minutes‘ » confirm
- Go again back to ‘Avast shields control‘ » ‘Enable all shields‘
Restarting All Avast Shields From the Windows System Tray
Now Avast should stop detecting the added files/URLs in the exclusions. You can also simply just restart your Windows.
Report a False Positive Detection to Avast
We also strongly suggest reporting the detection you believe is a false positive directly to Avast team. They will look into it and eventually confirm the reported file, software, or website is clean.
Link to report is included on every in-product pop-up displayed when the harmful webpage or file is blocked. Just click on ‘Report the file as a false positive‘.
Avast For Mac Custom Scan Of Library Folder Not Showing
Avast Web Shield Has Blocked a Harmful Webpage or File Pop-up
Then you need to fill-in following simple form. In the additional info, you can add a link from VirusTotal scan. Don’t forget to check the option ‘I know what I’m doing‘ and click on ‘Submit‘.
Avast In-product Form for Reporting False Positive Detection of Files or Websites
![Avast For Mac Custom Scan Of Library Folder Avast For Mac Custom Scan Of Library Folder](/uploads/1/2/6/2/126203125/694038509.png)
Alternatively, you can use the official web form for reporting false positive detection.
Official Avast Web Form for Reporting False Positive Detection of Files or Websites
Additional Notes
Although we have used Avast Free Antivirus 2019 screenshots in this article, these steps are also applicable for all Avast Antivirus solutions (i.e. also for Avast Pro Antivirus, Avast Internet Security, or Avast Premier) running the latest version available.
Steps are relevant for all Windows versions – Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 (including Anniversary Update).
Managing exceptions or turning off Avast protection may leave your computer at risk.
Active1 year, 8 months ago
Yesterday I ran a full system scan using my Avast antivirus software and it found a infection file. The file's location is :
Avast categorizes the infection file as :
So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my macbook pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.
I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amount of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.
My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has came from to be honest and I have no clue how to get rid of it. Can someone please help me out.
I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, malwarebytes, and manually.
JakeGould35k1010 gold badges109109 silver badges151151 bronze badges
Lonely TwinkyLonely Twinky
1 Answer
Pretty sure there is no virus, malware or trojan at play and his is all a highly coincidental false positive.
It’s most likely a false positive since
/var/db/uuidtext/
is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2). As this article explains:The first file path (
/var/db/diagnostics/
) contains the log files. These files are named with a timestamp filename following the pattern logdata.Persistent.YYYYMMDDTHHMMSS.tracev3
. These files are binary files that we’ll have to use a new utility on macOS to parse them. This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. The second file path (/var/db/uuidtext/
) contains files that are references in the main *.tracev3 log files.But in your case the “magic” seems to come from the hash:
Just check out this reference for known Windows malware files that references that one specific hash. Congratulations! Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.
And the reason that specific file seems to regenerate is based on this detail from the above explanation:
The second file path (
/var/db/uuidtext/
) contains files that are references in the main *.tracev3 log files.So you delete the file in
/var/db/uuidtext/
, but all it is is a reference to what is in /var/db/diagnostics/
. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/
.As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system; not just that one
BC8EE8D09234D99DD8B85A99E46C64
file. Hopefully the hash names of the files it regenerates after a full cleaning won’t accidentally match a known malware file again.UPDATE 1: It seems like Avast staff acknowledges the issue in this post on their forums:
I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.
Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”
What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” setup the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.
UPDATE 2: This issue is further explained by someone Radek Brich the Avast forums as simply Avast self-identifying itself:
Hello, I'll just add a bit more information.
The file is created by MacOS system, it's actually part of 'cpu usage' diagnostic report. The report is created because Avast uses the CPU heavily during the scan.
The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.
(The 'rude' texts are probably just names of malware.)
JakeGouldJakeGould35k1010 gold badges109109 silver badges151151 bronze badges
protected by Community♦Nov 26 '17 at 20:07
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
Would you like to answer one of these unanswered questions instead?