Author Topic: I cannot verify whether a quarantined file is malicious or False Positive  (Read 1196 times)

0 Members and 2 Guests are viewing this topic.

Offline armsabts

  • Newbie
  • *
  • Posts: 2
Avast One quarantined the file "uncserver.exe" as "IDP.Generic"; uncserver.exe is used by Lenovo for automatic updates. I have sent it for analysis three times, but have received no response from Avast.

Is there any other way to check whether that file is indeed infected?

What does the "Extract" option do?

Thank you!
« Last Edit: August 26, 2022, 06:42:21 PM by armsabts »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
I have never used it, but I would assume, you could choose the location to extract it to.  Just tested it and it gives the option of where to extract to, see attached image).  However, if it were used again or even upon extraction the file system shield may alert (depends on what shield initially sent it to quarantine).

So it would be better Restore and add Exception. There is a risk if it were hacked/malicious.

Is this file digitally signed ?
« Last Edit: August 26, 2022, 08:36:20 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline armsabts

  • Newbie
  • *
  • Posts: 2
Thank you DavidR!

I agree that it would be better to do Restore and Add Exception and that there would be a risk if it were hacked or malicious, which is why I sent it for analysis to Avast, but since they do not respond, I need to find an alternate virus detector. But, I guess in that case I would need to extract the file, which might prevent a subsequent Restore and Add Exception. So, it seems that I am caught in a loop.

I don't know if the file is digitally signed. How do I find out? It might be that I need to extract it in order to find out.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
If you want, you can do what I have done, create a folder for samples, test files, etc.
I have imaginatively called mine Exclusions, easy to remember and that folder  to the Avast Exclusions.

Now you could upload it to VirusTotal for analysis - https://www.virustotal.com/gui/home/upload -
Also avast using - Reporting a Possible False Positive File - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Right clicking on the file and selecting Properties > Digital Signatures, if it is digitally signed it should show.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security