Avast WEBforum

Other => Viruses and worms => Topic started by: PFE on July 30, 2021, 09:22:17 PM

Title: False Positive on Git Kraken Software (IDP.generic)
Post by: PFE on July 30, 2021, 09:22:17 PM
Hello,

I'm trying to install Git Kraken (a user-friendly software to manage Git versions) and I got a popup error: Infected by IDP.Generic.

This .exe is genuine because it was downloaded from the original source/publisher/developer. It was scanned using VirusTotal and it also looks clean.

Could you guys please have a look ASAP?

https://www.virustotal.com/gui/file/e4d8f1772cf389e17e7921f8664a943e7ff6e67691aa9bf28e88da3f7616d8f6/detection

Thank you very much,

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: polonus on July 30, 2021, 10:58:53 PM
L.S.

Has your Avast antimalware program suddenly warned you about an IDP.generic virus?

For the people who use security solutions like Avast or AVG, “IDP.Generic” might be a familiar term.
This term is not limited to a single malware program.
It is, in fact, a generic term used by antimalware solutions for naming identity theft programs.
IDP stands for Identity Detection Protection.

Whenever a security solution pops up the “IDP.Generic” pop-up, it indicates
that the antimalware program has detected an unusual behavioral pattern.
That is, the cybercriminals made an attempt to steal your personal information.

However, many times an antimalware shows a false-positive result because it is outdated or broken.
A false-positive result means that antimalware would catch the program or files that are not actually malware.
As a result, it reports many legitimate programs such as the gaming platform Steam, Discord, and others as malicious.

Because of the repetitive false-positive detection, people tend to ignore the “IDP.Generic” threat.
This is where cybercriminals take advantage. They release and bypass the malicious files by naming them similar to legit files.
Most users ignore the warnings from the security solution, thinking of them as false positives.

It is a best practice to check the files thoroughly before you mark them safe. (info credits Peter Balthazar)

Time now to send the file to Avast and wait for their final verdict, whether this is a FP or the real McCoy in malicious terms,
you could do that accordingly here: https://www.avast.com/false-positive-file-form.php

polonus

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: PFE on July 30, 2021, 11:49:41 PM
Thank you very much for your quick answer. This form seems to be broken at some point (internal server error). I will try again in a while.

Cheers.

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: Pondus on July 31, 2021, 12:19:20 AM
Quote
Thank you very much for your quick answer.
@Polonus did a Google search and gave you a copy-paste

https://www.malwarefox.com/remove-idp-generic-virus/



Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: polonus on July 31, 2021, 12:28:30 AM
Hi Pondus,

Well that may be true (added the source of that description), but only partly to describe the actual threat as this description is very accurate. Avast Team will eventually respond to the file being reported by the OP. I asked him to react with the final results.

If you have something additional to add, you are welcome,

polonus

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: Pondus on July 31, 2021, 12:42:17 AM
Quote
If you have something additional to add, you are welcome,
It is just a general description from an ad site promoting MalwareFox ... a program you find no tests/reviews about on any reputable IT tech site.

The net is full of these websites that will pop up if you do a malware name search. It is all about promoting the program on the website, and the malware description given is usually a one-description-fits-all type.



Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: polonus on July 31, 2021, 12:53:34 PM
My posting was not about promoting any program, it was about a general description of why the term IDP generic, that was helpful here.
In other words:
Quote
IDP stands for Identity Detection Protection. Whenever a security solution pops up the “IDP.Generic” pop-up, it indicates that the antimalware program has detected an unusual behavioral pattern.


That any better or similar, this time taken from what you call reputable sources, where we find a similar description.

polonus

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: PFE on August 01, 2021, 03:25:16 PM
I tried to send this file but the form you sent me still looks broken.

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: DavidR on August 01, 2021, 03:36:12 PM
Quote
I tried to send this file but the form you sent me still looks broken.

Can you give more details?
What did you try and how is it broken (the link works)?
Are you getting any error messages?

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: PFE on August 01, 2021, 04:21:25 PM
I think I realized what the problem is: Form says 50MB max. and this .exe is around 150MB... so not a clue how to send to Avast workers for a professional review :-(

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: Pondus on August 01, 2021, 04:42:26 PM
You can upload and scan file at https://www.virustotal.com/

When done post link to scan result here. Avast lab can then fetch file from VT

Title: Re: False Positive on Git Kraken Software (IDP.generic)
Post by: PFE on August 01, 2021, 08:23:49 PM
Here we are: https://www.virustotal.com/gui/file/e4d8f1772cf389e17e7921f8664a943e7ff6e67691aa9bf28e88da3f7616d8f6/detection

Cheers