Ot rather I OKed it to do that since I didn’t know what to do about this.
Updated Avast today. It just told me SIHCLient.exe was a threat and told me to either put it in virus chest or create an exception for it. It was caugfht apparently by the “bahaviour” scan module.
My understanding is this program controls updates to W10 etc, so this does not seem like a good idea, but I decided better safe than sorry and to make a posy here to ask advice as to what to do about this.
W10 has just done a big update a couple of dsays ago I think, and Avast updated today, so I guess this might have something to do with it (i.ee. SIHClient.exe doing something new/differntly Avast isn’t aware of yet)
I assume that I can restore this file from the virus chest if necessary. I would like to know if that’s what I should do or if there is other action I should be taking.
OK but I am not sure if it is a false positive and I’m not sure what I should do about this. The thing reamins in the virus chest AFAIKK and I’m freaking out about what to do.
Virus chest lists it as IDP.Generic - SIHClient.exe - c:\windows/system32
I can’t seem to get a speed menu or anything from a right-click. Only options appear to be delete or restore from the big green combo box. No visible means to scan it.
BTW reason I’m feaking out about this is I understand this program is what handles W10 updates/security patches etc. So I’m caugfht between the devil and the deep blue sea until I can either a) establish for sure this thing is legit and Avast is hitting a false +ve or b) obtain a guaranteed legit replacement for it somewhere so I can just delete the copy in the chest.
I ran the reapir and it seemed to do a fair bit, copying various files etc, but it did not make a right-click option in items in the virus chest or put any visible way to run a scan on a file in the chest
Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32
So I ran your virustotal link on it there and it came back with this result (which lookks pretty much the same as yours)
Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32
If you have restored it and avast is now quiet/dont detect, then i guess avast has fixed a false positive
I have had the same issue today (Avast has blocked SIHclient.exe and I have accepted to move the file in quarantine).
Some additionnal information: yesterday, I have accepted a major update of Windows 10 (Fall creators update, version 1709) and after the update, Avast asked also me to restart my computer due to an update (I think an Avast update was ecessary for this new Windows 10 major version).
I my list of windows updates installed, I have seen other updated installed today; KB4057247, KB4054022, KB4055237 and KB4055994).
In the event viewer, I see also another updates installed a few minutes before the Avast alert;
Installation démarrée : Windows a commencé l’installation de la mise à jour suivante (installation started of a windows update): 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517)
Installation réussie : Windows a installé la mise à jour suivante (windows installed the following update): 2017-12 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4053577)
Installation démarrée (installation started of a windows update): Windows a commencé l’installation de la mise à jour suivante : Update for Windows 10 Version 1709 for x64-based Systems (KB4058043)
So, for me, this alert is due to Windows Fall Creators 10 update, Avast update or the post-Windows updates following Windows Fall Creators 10 update…
For now, I have kept the file in Avast qurantine. Avast is uptodate (program and antiviral definitions), not sure if it is safe to restore these file, if this file is really needed and I haven’t tried to repair Avast. A third Avast user (and maybe other users) has also add the same issue on december, 21st: https://forum.avast.com/index.php?topic=212067.0
And a few minutes ago, I have had a Window notification to restart my computer after another windows update again today and I haven’t checked if I have yet the file SIHclient.exe in c:\windows\system2 folder after the Avast quarantine of today but I have just checked, I have a c:\windows\system32\SIHclient.exe file, modified acording to the window explorator on november, 26th of 2017 so I haven’t to restore the file. Strange… I have checked this file with Avast and Avast has accepted the file… So, for now, I will keep the another one in quarantine.
I just had the same problem. Popped up when I was playing a MS Game.
Threat name IDP.Generic
Infected File SIHClient.exe
Location C:\Windoes\System32
I put it in the virus Chest but Is it a necessary file?