gdbus.exe gets quarantined when starting latest Audacious v.4.4.1

Hi,

I’ve been running Audacious portable official version 4.3.1 for a while, so I decided to update it today and downloaded latest 4.4.1 version from https://audacious-media-player.org/download
When I tried to run it, Windows (10 Pro, 64bit) smart screen asked if I wanted to run it anyway, I said yes and ran it, program started then exited and Avast said it quarantined gdbus.exe

I’ve uploaded it to Virus Total, it found nothing, ran Full System scan, Smart scan and Boot scan with Avast, ran KVRT for good measure, nothing.
Tried the whole thing in Windows Sandbox as well, it ran fine.

Is this false positive?

Version before that also had gdbus.exe, ran it without issue, still runs without issue.

I’ve submitted it for analysis.

Thanks.

I’m surprised it didn’t alert when you downloaded it, unless it was compressed and only alerted on installation ?
Downloaded the compresses executable audacious-4.4.1-win32.exe and that was OK, but would almost certainly alert when gdbus.exe executable was extracted/installed - I’m not sure if avast would be running inside the windows sandbox.

Whilst older versions of gdbus.exe may be ok, however an update may have introduced something that is considered suspicious.

If you submitted it for analysis from the Quarantine (?), give it a few days to be analysed and scan try to Restore it from Quarantine, if it is still considered malicious Avast would alert again.

I’ve scanned it prior to unzipping with Avast, as well after, found nothing. There is no installation because it’s portable version, Avast only reacted when I ran Audacious.exe.

I guess gdbus.exe can be some unsigned driver or something like that. As I said, uploading it to Virus Total, didn’t find anything, even Avast said “undetected” :smiley:
https://www.virustotal.com/gui/file/d4b8ed438d378f95fd923b7d2f423a827e7e412add3f21c5e09ea193aa4c9de6?nocache=1

Very strange - if that is the latest version and the same as the one you submitted to avast for analysis it should be cleared in the virus signatures. How long that might be (as an avast user) I don’t know. Ordinarily it should be analysed within 48hours.

Is there a way to check how it went - analysis by Avast?
I kinda remember, there was some way to receive results, but maybe I’m trippin :smiley:

Previously there used to be an email response, that has stopped a few months ago.
The only I can recall was a mention when you use the report a possible False Positive link, is it would be analysed in 48 hours.

New location to report both a False Positive and or a False Negative (for File or URL) - https://www.avast.com/submit-a-sample#pc Not sure if that was what you used.