Avast WEBforum

Other => Viruses and worms => Topic started by: armsabts on August 26, 2022, 06:28:23 PM

Title: I cannot verify whether a quarantined file is malicious or False Positive
Post by: armsabts on August 26, 2022, 06:28:23 PM
Avast One quarantined the file "uncserver.exe" as "IDP.Generic"; uncserver.exe is used by Lenovo for automatic updates. I have sent it for analysis three times, but have received no response from Avast.

Is there any other way to check whether that file is indeed infected?

What does the "Extract" option do?

Thank you!
Title: Re: I cannot verify whether a quarantined file is malicious or False Positive
Post by: DavidR on August 26, 2022, 08:34:22 PM
I have never used it, but I would assume you could choose the location to extract it to. Just tested it and it gives the option of where to extract to (see attached image). However, if it were used again or even upon extraction the file system shield may alert (depends on what shield initially sent it to quarantine).

So it would be better to Restore and add Exception. There is a risk if it were hacked/malicious.

Is this file digitally signed?
Title: Re: I cannot verify whether a quarantined file is malicious or False Positive
Post by: armsabts on August 26, 2022, 09:24:44 PM
Thank you DavidR!

I agree that it would be better to do Restore and Add Exception and that there would be a risk if it were hacked or malicious, which is why I sent it for analysis to Avast, but since they do not respond, I need to find an alternate virus detector. But, I guess in that case I would need to extract the file, which might prevent a subsequent Restore and Add Exception. So, it seems that I am caught in a loop.

I don't know if the file is digitally signed. How do I find out? It might be that I need to extract it in order to find out.

Title: Re: I cannot verify whether a quarantined file is malicious or False Positive
Post by: DavidR on August 26, 2022, 09:47:51 PM
If you want, you can do what I have done, create a folder for samples, test files, etc.
I have imaginatively called mine Exclusions, easy to remember, and added that folder to the Avast Exclusions.

Now you could upload it to VirusTotal for analysis - https://www.virustotal.com/gui/home/upload -
Also Avast, using - Reporting a Possible False Positive File - https://www.avast.com/false-positive-file-form.php
You should get a response in a day or two.

Right-click on the file and select Properties > Digital Signatures; if it is digitally signed it should show.
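
The signature check from the last reply, together with a SHA-256 hash that can be searched on VirusTotal without uploading the file, as an added PowerShell example that is not part of the original thread. The path C:\Exclusions\uncserver.exe and the function name Get-FileTrustSummary are assumptions; the file is expected to have been extracted from quarantine into the excluded folder first.

```powershell
# Added example, not from the thread. The default path is hypothetical:
# the file extracted from quarantine into a folder excluded from scanning.
param(
    [string]$Path = 'C:\Exclusions\uncserver.exe'
)

function Get-FileTrustSummary {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    # Authenticode check: same data as Properties > Digital Signatures,
    # plus whether the signature still matches the file contents.
    $sig = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Hash of the exact bytes on disk, usable for a hash search.
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        File            = $LiteralPath
        SHA256          = $hash.Hash
        # Valid        = signed, chain trusted, contents unmodified
        # NotSigned    = no embedded or catalog signature found
        # HashMismatch = file changed after it was signed
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        SignerSubject   = if ($cert) { $cert.Subject } else { $null }
        SignerIssuer    = if ($cert) { $cert.Issuer } else { $null }
        Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped     = [bool]$sig.TimeStamperCertificate
    }
}

$summary = Get-FileTrustSummary -LiteralPath $Path
$summary | Format-List

if ($summary.SignatureStatus -ne 'Valid') {
    Write-Warning "Signature is not valid: $($summary.StatusMessage)"
}
```

Compare SignerSubject with the vendor you expect the file to come from; a Valid status only says the file is unmodified since it was signed by that certificate's holder.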