
Antiy-AVL Trojan/Generic.ASMalwS.34BD287

Chase109
Beginner
33,257 Views
Hello there, IntelCpHeciSvc.exe has been flagged by Antiy-AVL as a Trojan. I am quite confused because this is a native assembly and the service is for Content Protection HDCP or cplspcon service. The path is C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7235e19753e8934\IntelCpHDCPSvc.exe. I used Intel Driver & Support Assistant to install my update. I have also tried doing it the manual way as well, and I still get the CpHDCPSvc.exe flagged as a Trojan on VirusTotal, with the only flag by Antiy-AVL. So I don't know if this is a false positive or not.
0 Kudos
6 Replies
Chase109
Beginner
33,233 Views
Now the flag for IntelCpHeciSvc.exe has gone away; however, IntelSoftwareAssetManagerService.exe is now flagged by Antiy-AVL as a Trojan/Generic.ASMalwS.31149B4, and Jiangmin is flagging it as Trojan.PSW.Python.ac. I don't know why they are flagging the runtime-modules for the Software Assist Manager for Intel as Trojans. I think these false positives are getting ridiculous.
AlHill
Super User
33,232 Views

Use a different/better anti-virus program, or complain to Antiy-AVL that they should do a better job of detection.

 

Doc (not an Intel employee or contractor)
[Windows 11 is the new Vista]

Chase109
Beginner
33,231 Views
I use Malwarebytes. So I think I use the best Antivirus program. Also I use Windows Safety Scanner, and Windows Malware Remover. I also use Autoruns, and Process Explorer. Even though it may be an AI malware detection issue or a false positive, it is still on an Intel service. So it is still a problem with Intel and needs to be addressed.
AlHill
Super User
33,217 Views

Which product that you are using is detecting this false positive?

Also, you should only use ONE real-time anti-virus product.

"Best" is a relative term, especially in anti-virus products. It is a game of leap-frog. And, you should not assume that the AV product is correct. That is why they are rated on false positives.

Turn off Malwarebytes, and use Windows Defender (Windows Security).

 

Doc (not an Intel employee or contractor)
[Windows 11 is the new Vista]

Chase109
Beginner
33,211 Views
The false positives aren't from Malwarebytes or Defender. They are from Antiy-AVL and Jiangmin. I get my information from Process Explorer and Autoruns, which is a certified Microsoft utility. I use it to find heuristic issues with my software that Malwarebytes or Defender cannot pick up. This does not excuse the warnings, however, because they are scanned through VirusTotal using the API. However, this is a problem that Intel and Antiy-AVL and Jiangmin need to solve. I am just telling what I see, and a Trojan is a serious virus. No company or AI malware can just flag something with a Trojan tag.
David_G_Intel
Moderator
33,139 Views

Hello @Chase109


If I may offer input here, both warnings received are false positives because both files are from Intel. You can report this to the anti-virus support or get more information from them.


Regards, 

David G 

Intel Customer Support Technician 
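
One way to check locally whether a flagged file is signed by the publisher it claims to come from, as an added example that is not part of this thread or any Intel tooling. The function name `Test-FlaggedBinary` and the `ExpectedPublisher` value are assumptions; the default path is the one quoted in the first post.

```powershell
# Added example (not from the thread). Test-FlaggedBinary is a hypothetical helper name.
function Test-FlaggedBinary {
    param(
        # Default: the path quoted in the first post; point it at the file your scanner flagged.
        [string]$Path = 'C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7235e19753e8934\IntelCpHDCPSvc.exe',
        # Assumption: organization name expected in the signer certificate subject.
        [string]$ExpectedPublisher = 'Intel'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Validates the Authenticode signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # A publisher name only means something when the signature itself is Valid:
    # NotSigned, HashMismatch or NotTrusted must never count as a match.
    $orgPattern = 'O="?[^,]*' + [regex]::Escape($ExpectedPublisher)
    $publisherMatch = ($sig.Status -eq 'Valid') -and ($subject -match $orgPattern)

    [pscustomobject]@{
        Path           = $Path
        # SHA-256 of the exact file on disk, for comparing against the scanned sample.
        SHA256         = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status         = $sig.Status
        StatusMessage  = $sig.StatusMessage
        SignerSubject  = $subject
        Thumbprint     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        PublisherMatch = $publisherMatch
    }
}

# Check the file from the first post and show the verdict fields.
$result = Test-FlaggedBinary
$result | Format-List

if (-not $result.PublisherMatch) {
    Write-Warning "Signature is '$($result.Status)' or the signer is not $('Intel'): treat the file as unverified."
}
```

A `Valid` status with an unexpected signer subject, or any status other than `Valid`, is the case to escalate to the anti-virus vendor or the software publisher with the SHA-256 attached.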

