Author Topic: false positive IDP.GENERIC?  (Read 8638 times)

Offline andrea26

  • Newbie
  • *
  • Posts: 3
false positive IDP.GENERIC?
« on: June 05, 2022, 08:31:27 PM »
Hello, I installed a mod for a game. This mod should be pretty popular, and I'm decently confident the site I downloaded it from was the original one.
Anyway, after using it a few times, Avast flagged it as "IDP.GENERIC" and put it in quarantine. I checked the folder for viruses, but every time it found nothing; only if I use it (and close it) does it put it in quarantine.
I checked the .exe file on VirusTotal and it says Malwarebytes detects it as "Malware.Heuristic.1001": https://www.virustotal.com/gui/file/61b149693b4d587c5dc25e267bf3ee328a3893393f9da0b38b2f5aa12f72cc0f/detection
Is it a false positive, or what should I do?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: false positive IDP.GENERIC?
« Reply #1 on: June 05, 2022, 10:33:48 PM »
Well, it's strange that Avast doesn't detect it in the VirusTotal link you gave.

But given it is named "IDP.GENERIC": IDP (Intrusion Detection Protection), Generic (looking to catch multiple intrusions, I guess). I don't know how much weight is placed on the fact that it, as an executable file, isn't digitally signed.

Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two. 

Based on your saying it isn't detected when not active, is where the suspect IDP when running appears to be the cause.

Since you say it has been sent to quarantine, you should also be able to submit it to Avast from Quarantine (Submit for analysis); in the Remarks you could explain what you have here and/or give a link back to this topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline andrea26

  • Newbie
  • *
  • Posts: 3
Re: false positive IDP.GENERIC?
« Reply #2 on: June 05, 2022, 10:37:45 PM »
I already reported it, and the strange fact is that it worked for the first 2-3 times; only after I closed the game one time did it detect this virus.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: false positive IDP.GENERIC?
« Reply #3 on: June 05, 2022, 11:34:39 PM »
The problem is whilst it is dormant then any action results in it being detected as a possible Intrusion Detection.

This is effectively confirmed in the VT link you posted; look at the Details, Relations and Behaviour sections, and that activity could be considered suspect in an executable file that isn't digitally signed.

Unless you explained that in your reporting of a possible false positive, simply checking the file in isolation is likely to give the same result you are getting when scanning it in isolation when it is dormant.

This is why I suggested giving a link back to this topic or a full description of the problem.

I'm an Avast User, not an Avast Team Member, just trying to point you in the right direction. In something like this they would need details.

Offline andrea26

  • Newbie
  • *
  • Posts: 3
Re: false positive IDP.GENERIC?
« Reply #4 on: June 05, 2022, 11:44:24 PM »
Mh, yes, I think I more or less get what you mean, and it may look suspicious.
By the way, sorry, but I didn't understand what you meant by "This is why I suggested giving a link back to this topic or a full description of the problem."

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: false positive IDP.GENERIC?
« Reply #5 on: June 06, 2022, 01:24:30 AM »
Not a problem, what is clear to me may not be so clear to others.

Giving a URL link back to this topic saves having to give detailed information when reporting it. That way they would have to test it when running the associated program, Silent Hunter III?

I still wonder why whoever produced the game didn't digitally sign the executable files.

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: false positive IDP.GENERIC?
« Reply #6 on: June 06, 2022, 11:09:40 AM »
Hi,

This was a false positive. Please update your virus definitions and reply to the ticket you created if you need further assistance. https://support.avast.com/article/Update-Antivirus/