Maybe a false positive?

I was doing a virus scan earlier and up popped this file listed as a Win64:Malware-gen:

C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0332242.0_x64__8wekyb3d8bbwe\codecpacks.HEVC.exe

I can’t seem to get into the WindowsApps directory to upload it to the VirusTotal website. What do people think this is?

I’ve been reading that the WindowsApps folder is the default Windows apps folder.

I’m not sure if I’ve made this post in the right place so the mods can move it if it’s in the wrong section.

I just had the exact same thing happen on my PC, but I managed to extract the file from the virus chest and upload it to VirusTotal: https://www.virustotal.com/gui/file/561256d1f012e7c0014a76d908b82609a6cade9342144fd163a6aca800a41c81/detection

I am fairly certain it’s a legitimate file from the “HEVC Video Extensions from the Device Manufacturer” app, and I’ve reported it as a false positive within the interface.

Thanks mate, it’s good to know when we’re not the only one getting the problem.

Yeah, we are getting a ton of alerts about this file from multiple clients.

Same here on a number of machines, picked up by a scheduled scan. I have submitted a ticket to support so let’s see what they say.

I just checked for related CVEs, so this might be why it is triggered: https://nvd.nist.gov/vuln/detail/CVE-2020-17107

I recall something mentioned re this on Security Now podcast a few episodes ago - might need to be updated via the Microsoft Store (yes via the store!)

If I find out more I will post here.

I had an alert displayed from AVG that it had found the malware. But I ran Malwarebytes before closing out the AVG scan to confirm and it did not detect any malware in the same location. So I quarantined the finding so that I may perhaps restore it once confirmed this is not malware.

I went to the VirusTotal link Andrew posted earlier and it only had Avast and AVG detecting it.

Then I checked it just now and noticed AVG was no longer detecting it. So I went into Avast and updated the virus definitions and did another scan and it’s now no longer picked up as malware.

So think we can case close this as a false positive, though I can see why it appeared on the radar with what Wayne posted.

Nothing back from support yet. Not impressed by support to be honest, have had a lot of issues with Avast over the past two years - they might be ignoring me because I told them some home truths and didn’t hold back.

The CVE is for an earlier version of the codec pack so we should be safe. Looks like it isn’t getting picked up now after a def update like Bowdon said.

Same issue here. Already reported a false positive but can’t seem to restore it. Does restoring work for you?

https://forum.avast.com/index.php?topic=245329.0

I took those steps too but I still can’t seem to restore it after updating the virus definitions.

I didn’t quarantine the file. I kept skipping it.

Isn’t there a way to select the file in the virus vault and select restore?

By right it is supposed to work but there is an error message (see the link I provided). Also it was detected after I downloaded an update not as per a scheduled scan. I tried Restoring and Restoring and adding exception, both do not work.

I wonder if it’s worth trying to repair the Windows system files and see if it re-adds the file?

https://support.microsoft.com/en-gb/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system

I’ll try but I doubt it will help since it’s a system file but not in the OS (WindowsApps folder). Also I tried restoring an actual malware (a PDF containing malicious JavaScript) and restoring to Desktop works. Maybe because I don’t have enough permissions to restore it to the particular folder, even though I already run Avast as administrator.