Author Topic: Avast has put SIHClient.exe into virus chest - what should I do  (Read 19624 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast has put SIHClient.exe into virus chest - what should I do
« on: December 21, 2017, 10:47:28 PM »
Ot rather I OKed it to do that since I didn't know what to do about this.

Updated Avast today. It just told me SIHCLient.exe was a threat and told me to either put it in virus chest or create an exception for it. It was caugfht apparently by the "bahaviour" scan module.

My understanding is this program controls updates to W10 etc, so this does not seem like a good idea, but I decided better safe than sorry and to make a posy here to ask advice as to what to do about this.

W10 has just done a big update a couple of dsays ago I think, and Avast updated today, so I guess this might have something to do with it (i.ee. SIHClient.exe doing something new/differntly Avast isn't aware of yet)

I assume that I can restore this file from the virus chest if necessary. I would like to know if that's what I should do or if there is other action I should be taking.

Thanks

REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #1 on: December 22, 2017, 10:09:51 PM »
Bumping this thread since the same thing happened on my system.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #2 on: December 23, 2017, 04:07:39 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #3 on: December 24, 2017, 04:48:54 PM »
OK but I am not sure if it is a false positive and I'm not sure what I should do about this. The thing reamins in the virus chest AFAIKK and I'm freaking out about what to do.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #4 on: December 24, 2017, 05:20:37 PM »
What malware name does avast give it?

If you right click the file in chest and scan it, what does avast say?

How to use chest  >>  https://support.avast.com/en-eu/article/Use-Antivirus-Virus-Chest


If avast still detect, create a new folder somwhere (on your desktop) and name it virustotal. Exclude this folder from avast scanning  >>  https://support.avast.com/en-eu/article/Antivirus-scan-exclusions

Extract file from the Virus Chest to the folder you created, you can now upload the file and test it at www.virustotal.com

post link to scan result here



« Last Edit: December 24, 2017, 05:38:58 PM by Pondus »

REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #5 on: December 24, 2017, 09:04:22 PM »
Thanks for reply.

Virus chest lists it as IDP.Generic -  SIHClient.exe - c:\windows/system32

I can't seem to get a speed menu or anything from a right-click. Only options appear to be delete or restore from the big green combo box. No visible means to scan it.

BTW reason I'm feaking out about this is I understand this program is what handles W10 updates/security patches etc. So I'm caugfht between the devil and the deep blue sea until I can either a) establish for sure this thing is legit and Avast is hitting a false +ve or b) obtain a guaranteed legit replacement for it somewhere so I can just delete the copy in the chest.

Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #6 on: December 24, 2017, 09:08:22 PM »
try entering the chest from right click on tray icon down by the computer clock


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #7 on: December 24, 2017, 09:25:34 PM »
scan of SIHClient from my computer
https://www.virustotal.com/#/file/50b0f23134dc14d19a524bacff266e87b67605a9faccaaa75f85a2e431f73608/detection

Copyright   © Microsoft Corporation. All rights reserved.
Product   Microsoft® Windows® Operating System
Description   SIH Client
Original Name   sihclient.exe
Internal Name   SIH Client
File Version   10.0.16299.98 (WinBuild.160101.0800)



REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #8 on: December 24, 2017, 10:19:02 PM »
try entering the chest from right click on tray icon down by the computer clock

I get the same result - no right-click action and no visible means to scan. Maybe 'cos I got the cheapskate peasant version, like the free one?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #9 on: December 24, 2017, 10:23:08 PM »
hmmm .... should be there, try avast repair  >>  https://support.avast.com/en-eu/article/Repair-Antivirus


REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #10 on: December 24, 2017, 11:47:17 PM »
I ran the reapir and it seemed to do a fair bit, copying various files etc, but it did not make a right-click option in items in the virus chest or put any visible way to run a scan on a file in the chest :(

Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32 :(

So I ran your virustotal link on it there and it came back with this result (which lookks pretty much the same as yours)

https://www.virustotal.com/#/file/50b0f23134dc14d19a524bacff266e87b67605a9faccaaa75f85a2e431f73608/detection

what do you think?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #11 on: December 25, 2017, 12:39:08 AM »
Quote
Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32
If you have restored it and avast is now quiet/dont detect, then i guess avast has fixed a false positive


REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #12 on: December 25, 2017, 01:50:38 AM »
yeah I guess I'll see how it goes.

Thanks a lot for you help, man, and have a happy xmas and new year.

REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #13 on: January 05, 2018, 08:05:02 PM »
Hello,

I have had the same issue today (Avast has blocked SIHclient.exe and I have accepted to move the file in quarantine).
Some additionnal information: yesterday, I have accepted a major update of Windows 10 (Fall creators update, version 1709) and after the update, Avast asked also me to restart my computer due to an update (I think an Avast update was ecessary for this new Windows 10 major version).
I my list of windows updates installed, I have seen other updated installed today; KB4057247, KB4054022, KB4055237 and KB4055994).
In the event viewer, I see also another updates installed a few minutes before the Avast alert;
  • Installation démarrée : Windows a commencé l'installation de la mise à jour suivante (installation started of a windows update): 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517)
  • Installation réussie : Windows a installé la mise à jour suivante (windows installed the following update): 2017-12 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4053577)
  • Installation démarrée (installation started of a windows update): Windows a commencé l'installation de la mise à jour suivante : Update for Windows 10 Version 1709 for x64-based Systems (KB4058043)

So, for me, this alert is due to Windows Fall Creators 10 update, Avast update or the post-Windows updates following Windows Fall Creators 10 update...
For now, I have kept the file in Avast qurantine. Avast is uptodate (program and antiviral definitions), not sure if it is safe to restore these file, if this file is really needed and I haven't tried to repair Avast. A third Avast user (and maybe other users) has also add the same issue on december, 21st: https://forum.avast.com/index.php?topic=212067.0
 
Regards,
Christophe
« Last Edit: January 05, 2018, 09:17:14 PM by clefebvre.62 »

REDACTED

  • Guest
Re: Avast has put SIHClient.exe into virus chest - what should I do
« Reply #14 on: January 05, 2018, 09:24:03 PM »
And a few minutes ago, I have had a Window notification to restart my computer after another windows update again today and I haven't checked if I have yet the file SIHclient.exe in c:\windows\system2 folder after the Avast quarantine of today but I have just checked, I have a c:\windows\system32\SIHclient.exe file, modified acording to the window explorator on november, 26th of 2017 so I haven't to restore the file. Strange... I have checked this file with Avast and Avast has accepted the file... So, for now, I will keep the another one in quarantine.

Regards,
Christophe
« Last Edit: January 05, 2018, 09:38:03 PM by clefebvre.62 »