Antiy-AVL Trojan/Generic.ASMalwS.34BD287

Chase109
Beginner
8,972 Views
Hello there, IntelCpHeciSvc.exe has been flagged by Antiy-AVL as a Trojan. I am quite confused because this is a native assembly and the service is for Content Protection HDCP or cplspcon service. The path is C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7235e19753e8934\IntelCpHDCPSvc.exe. I used Intel Driver & Support Assistant to install my update. I have also tried doing it the manual way as well, and I still get the CpHDCPSvc.exe flagged as a Trojan on Virustotal, with the only flag by Antiy-AVL. So I don't know if this is a false positive or not.
Chase109
Beginner
8,948 Views
Now the flag for IntelCpHeciSvc.exe has gone away; however, IntelSoftwareAssetManagerService.exe is now flagged by Antiy-AVL as a Trojan/Generic.ASMalwS.31149B4, and Jiangmin is flagging it as Trojan.PSW.Python.ac. I don't know why they are flagging the runtime-modules for the Software Assist Manager for Intel as Trojans. I think these false positives are getting ridiculous.
AlHill
Super User
8,947 Views

Use a different/better anti-virus program, or complain to Antiy-AVL that they should do a better job of detection.

Doc (not an Intel employee or contractor)
[Windows 11 is the new Vista]

Chase109
Beginner
8,946 Views
I use Malwarebytes. So I think I use the best Antivirus program. Also I use Windows Safety Scanner, and Windows Malware Remover. I also use Autoruns, and Process Explorer. Even though it may be an AI malware detection issue or a false positive, it is still on an Intel service. So it is still a problem with Intel and needs to be addressed.
AlHill
Super User
8,932 Views

Which product that you are using is detecting this false positive?

Also, you should only use ONE real-time anti-virus product.

"Best" is a relative term, especially in anti-virus products. It is a game of leap-frog. And, you should not assume that the AV product is correct. That is why they are rated on false positives.

Turn off Malwarebytes, and use Windows Defender (Windows Security).

Doc (not an Intel employee or contractor)
[Windows 11 is the new Vista]

Chase109
Beginner
8,926 Views
The false positives aren't from Malwarebytes or Defender. They are from Antiy-AVL and Jiangmin. I get my information from Process Explorer and Autoruns, which is a certified Microsoft Utility. I use it to find Heuristic issues with my software that Malwarebytes or Defender cannot pick up. This does not excuse the warnings however because they are scanned through Virustotal using the API. However this is a problem that Intel and Antiy-AVL and Jiangmin need to solve. I am just telling what I see, and a Trojan is a serious virus. No company or AI malware can just flag something with a Trojan tag.
David_G_Intel
Moderator
8,854 Views

Hello @Chase109


If I may offer input here, both warnings received are false positives because both files are from Intel. You can report this to the anti-virus support or get more information from them.


Regards, 

David G 

Intel Customer Support Technician 

