Possible false positive - MS PIcture-it

My PCs are detecting Win32:Agent-DEP [Drp] in C:\WINDOWS\Installer\2b6a6.msi\Binary.New_Binary6

The actual msi filename varies but when I hover over it is says it is the MS Picture it 2002 installer dated 7/12/2001 19:29. It’s been on my PCs for years so I wonder whether it is a false positive. If necessary I can let you have a copy of the file (4Mb) if you let me know where to upload.

Thanks

Dennis Tricker
Ipswich UK

Hello :slight_smile:

Just for sure you may want to upload the file to VirusTotal to see if only avast! is detecting the file as virus. In case the file is really a false positive, you can sent the file in password protected archive (write the password in the mail body) to virus@avast.com and as a mail subject write “False Positive” :wink:

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

Thanks, both those sites give it the all clear (except when using Avast) so I’ll submit it.