Avast has put SIHClient.exe into virus chest - what should I do

Ot rather I OKed it to do that since I didn’t know what to do about this.

Updated Avast today. It just told me SIHCLient.exe was a threat and told me to either put it in virus chest or create an exception for it. It was caugfht apparently by the “bahaviour” scan module.

My understanding is this program controls updates to W10 etc, so this does not seem like a good idea, but I decided better safe than sorry and to make a posy here to ask advice as to what to do about this.

W10 has just done a big update a couple of dsays ago I think, and Avast updated today, so I guess this might have something to do with it (i.ee. SIHClient.exe doing something new/differntly Avast isn’t aware of yet)

I assume that I can restore this file from the virus chest if necessary. I would like to know if that’s what I should do or if there is other action I should be taking.

Thanks

Bumping this thread since the same thing happened on my system.

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

OK but I am not sure if it is a false positive and I’m not sure what I should do about this. The thing reamins in the virus chest AFAIKK and I’m freaking out about what to do.

What malware name does avast give it?

If you right click the file in chest and scan it, what does avast say?

How to use chest >> https://support.avast.com/en-eu/article/Use-Antivirus-Virus-Chest

If avast still detect, create a new folder somwhere (on your desktop) and name it virustotal. Exclude this folder from avast scanning >> https://support.avast.com/en-eu/article/Antivirus-scan-exclusions

Extract file from the Virus Chest to the folder you created, you can now upload the file and test it at www.virustotal.com

post link to scan result here

Thanks for reply.

Virus chest lists it as IDP.Generic - SIHClient.exe - c:\windows/system32

I can’t seem to get a speed menu or anything from a right-click. Only options appear to be delete or restore from the big green combo box. No visible means to scan it.

BTW reason I’m feaking out about this is I understand this program is what handles W10 updates/security patches etc. So I’m caugfht between the devil and the deep blue sea until I can either a) establish for sure this thing is legit and Avast is hitting a false +ve or b) obtain a guaranteed legit replacement for it somewhere so I can just delete the copy in the chest.

Thanks.

try entering the chest from right click on tray icon down by the computer clock

scan of SIHClient from my computer
https://www.virustotal.com/#/file/50b0f23134dc14d19a524bacff266e87b67605a9faccaaa75f85a2e431f73608/detection

Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Description SIH Client
Original Name sihclient.exe
Internal Name SIH Client
File Version 10.0.16299.98 (WinBuild.160101.0800)

I get the same result - no right-click action and no visible means to scan. Maybe 'cos I got the cheapskate peasant version, like the free one?

hmmm … should be there, try avast repair >> https://support.avast.com/en-eu/article/Repair-Antivirus

I ran the reapir and it seemed to do a fair bit, copying various files etc, but it did not make a right-click option in items in the virus chest or put any visible way to run a scan on a file in the chest :frowning:

Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32 :frowning:

So I ran your virustotal link on it there and it came back with this result (which lookks pretty much the same as yours)

https://www.virustotal.com/#/file/50b0f23134dc14d19a524bacff266e87b67605a9faccaaa75f85a2e431f73608/detection

what do you think?

Moving on, I tried to move SIHClient to a new folder and exclude it as you suggested - but when I selected (the only option avilable) restore it put it back in \system32
If you have restored it and avast is now quiet/dont detect, then i guess avast has fixed a false positive

yeah I guess I’ll see how it goes.

Thanks a lot for you help, man, and have a happy xmas and new year.

Hello,

I have had the same issue today (Avast has blocked SIHclient.exe and I have accepted to move the file in quarantine).
Some additionnal information: yesterday, I have accepted a major update of Windows 10 (Fall creators update, version 1709) and after the update, Avast asked also me to restart my computer due to an update (I think an Avast update was ecessary for this new Windows 10 major version).
I my list of windows updates installed, I have seen other updated installed today; KB4057247, KB4054022, KB4055237 and KB4055994).
In the event viewer, I see also another updates installed a few minutes before the Avast alert;

  • Installation démarrée : Windows a commencé l’installation de la mise à jour suivante (installation started of a windows update): 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517)
  • Installation réussie : Windows a installé la mise à jour suivante (windows installed the following update): 2017-12 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4053577)
  • Installation démarrée (installation started of a windows update): Windows a commencé l’installation de la mise à jour suivante : Update for Windows 10 Version 1709 for x64-based Systems (KB4058043)

So, for me, this alert is due to Windows Fall Creators 10 update, Avast update or the post-Windows updates following Windows Fall Creators 10 update…
For now, I have kept the file in Avast qurantine. Avast is uptodate (program and antiviral definitions), not sure if it is safe to restore these file, if this file is really needed and I haven’t tried to repair Avast. A third Avast user (and maybe other users) has also add the same issue on december, 21st: https://forum.avast.com/index.php?topic=212067.0

Regards,
Christophe

And a few minutes ago, I have had a Window notification to restart my computer after another windows update again today and I haven’t checked if I have yet the file SIHclient.exe in c:\windows\system2 folder after the Avast quarantine of today but I have just checked, I have a c:\windows\system32\SIHclient.exe file, modified acording to the window explorator on november, 26th of 2017 so I haven’t to restore the file. Strange… I have checked this file with Avast and Avast has accepted the file… So, for now, I will keep the another one in quarantine.

Regards,
Christophe

Bumping, just got the warning message from Avast today and recommended to move the file to virus chest which I did.

Is it confirmed SIHClient.exe is a false positive?

I just had the same problem. Popped up when I was playing a MS Game.
Threat name IDP.Generic
Infected File SIHClient.exe
Location C:\Windoes\System32
I put it in the virus Chest but Is it a necessary file?

Just to say we’ve just had the same report from AVG on one of our Windows 10 PCs.

I have the same problem.

I have had a warning from Avast. My question is: should I move to virus chest or not ?

If someone could explain how to insert an image, I will post a screenshot.

Thanks

@ 45rpm
When replying, just below the text window is the ‘Attachments and other options’ click that to expand and attach the image.