AVG tries to block perl.exe

[Vangelis forthnet]

On Sun Apr 19 20:58:52 BST 2015, Alan Milewczyk wrote:

> if anyone else has experienced this, 
> but this afternoon I had an error message popping up
> to tell me that AVG was trying to protect me 
> from perl.exe

Hi Alan :-)

On the old (2005) desktop, still on WinXP SP2, 
I have Kaspersky AV 2013 installed; when I tried to 
install GiP a few months ago (back then at v2.91), 
the install went along fine, but when I started GiP 
soon after, the AV flagged the executable 
 
C:\Program Files\Get_iPlayer\perl.exe

as "PDM.RootShell" - this is "perl.exe" 
described as Perl interpreter v5.18.2.2. 
I had to whitelist this executable from 
"File Scan" & "Proactive defence" in 
order not to receive nag prompts from my AV.

> unfortunately, I allowed it to delete the file 
> before I quite realised what I'd done. 
> Anyway, a quick reinstallation reinstated 
> the file.

I am not very familiar with the AVG settings, 
but in Kaspersky I have set it to
1. always prompt for user action upon detection
2. if possible, move deleted (by AV) item to 
the Quarantine folder, where it stays for 30 days 
and then gets permanently deleted automatically...
 So, if I inadvertently delete something I need, 
I can get it back quickly by restoring it from 
Quarantine (and then add it manually to the 
Exclusion list...).

> AVG does seem rather aggressive in some cases, 
> treating legitimate programs as viruses.

This is especially true with free AVs like AVG/Avast/Avira, 
which give an increased amount of false positives, 
because they follow the "better safe than sorry" school...
The user can help reduce these false positives 
by contacting the authors of the AV and 
sending them the falsely flagged file, for 
removal (hopefully) from the malware definitions 
in a future update - I for one have done so 
with Kaspersky 2 or 3 times in the past...

Regards,
Vangelis.