a .exe file for a game possible false positive [Solved][Closed]

[Nine-Nails]

So I went about my daily routine of database updates, quick scan, launching steam, etc.

then after the DB update and halfway through the quick scan I got a detection for an infected file.

 

the file was UnrailedGame.exe which is a game I own through steam and have done no external modifications to the the files. It recently has recently updated however.

 

The devs and a few other people have been claiming AV flags but none with the classification I received from Kaspersky.

 

it was UDS:Trojan.Multi.GenericML.xnet

 

my questions are: is this most likely a false positive? And what does the classification mean? (Ie, the Multi part etc.)

 

Thanks in advance!

[nexon]

Hi,

Welcome.
 

1. which version of KTS are you using + windows version?
2. you can upload here https://virusdesk.kaspersky.com/ if you think it is false positive click on SUBMIT FOR ANALYSIS enter your e-mail there and send.
3. Also you can create ticket https://my.kaspersky.com/
    

And Multi.Generic is a malware which is sometime hard to detect. And is often located in Documents (My Computer)

[Nine-Nails]

Hi,

 

I’m running Total Security 2020 - 20.0.14.1085(I)

Windows - 10 - 1903

 

I’ll submit the file once I get it downloaded again as I quarantined the file just to be safe.

 

If needed I’ll submit a ticket.

 

Thanks

 

[Nine-Nails]

so I redownloaded the game files. Kaspersky didn’t detect them when scanned and I uploaded the fresh .exe to Virus Desk. There was no threat detected. I’m not sure if that’s due to the file being new or what. But for now I’ve submitted it for analysis.

[nexon]

It might caused by Kaspersky virus definition updates.

Also you are running on older version Windows why don´t update to newest?

[Nine-Nails]

I thought I was something to do with the database update in all fairness as it only detected it after the update. I don’t think I even finished my quick scan. What is strange though is it isn’t detecting the .exe again when I re-download it through steam.

 

edit: I also put a ticket in through the support in my Kaspersky. Hopefully they should give me an answer. Also I did a full scan last night and nothing was detected.

 

also about the windows, I just keep forgetting to do it. I’ve been meaning to get it done.

[nexon]

Daily are new and new viruses over 300 000 new viruses everyday by kaspersky. Also Kaspersky in tests have verry low FP (False Positives).

Also if you see in you kaspersky KSN (security network) statistic there is currently
over 3,5 billion safe

nearly 1,5 billion unsafe

1,8 billion waiting for detection

[Nine-Nails]

I understand that, however this file has been on my pc for a long time, I’ve played the game and ran it and no other AV detects it as a virus so I’m unsure as to whether it could be a false positive especially as it’s a generic detection value. Even before the quarantine of the file malware bytes and windows defender had nothing to detect on the file.

[nexon]

Tried you upload on virustotal?

[Nine-Nails]

I’ve been trying to with fresh installations of the game however Kaspersky keeps auto deleting and quarantining fresh installations (from steam as well). Surely this indicates it’s a false positive. If it’s auto detecting it from a fresh install from a trusted source.

[nexon]

Can you upload this file on virustotal?

[Nine-Nails]

No unfortunately I can’t every time I try Kaspersky just blocks it from being uploaded and deletes the file. Even with a fresh installation from a trusted source. But from Kaspersky virus desk it detected nothing wrong with the file.

[nexon]

You can disable protection kaspersky and restore file from quarantine next upload it on virustotal, then enable protection.

[Nine-Nails]

Okay I managed to upload. 4 out of 73 AV software detected it as a generic malware. The rest say it’s clean.

[nexon]

This is High False positive.

[Nine-Nails]

sorry for the bad photo but I’m using my tablet to respond

 

[Nine-Nails]

By high false positive you mean the file is safe right?

[nexon]

As i wrote false positive (these 4 AV solutions) i´ve never heard about these antiviruses…

Yes.

[Nine-Nails]

Okay thanks. I figured it was from all the experience with the file in the past. One question how do I go and set an exclusion for this file as each time I download it Kaspersky just deletes the file?

[nexon]

If you have created support ticket, they will reply on your incident and also they create virus definition update for fix this, so until this time you can add this to exclusions :

Settings > Additional > Threats and Exclusions > Manage exclusions > Add > Browse and find this .exe file and click Add. Thats it.

[Nine-Nails]

Okay thanks for the support! I have created a ticket so it should be updated when they respond.

 

Thanks again!

[nexon]

Yeah no problem 🙂

Also when people from Kaspersky create a fix (new virus definition) then i recommend you delete this file from exclusions in kaspersky.

[Nine-Nails]

I will do. In all fairness I hadn’t played the game in a while so I’ll most likely wait for them to fix it. If I feel like I want to play it however I’ve got the exclusion there.

 

thanks again!