Strange detection

I was away from my new computer for a while and it went into sleep mode. When I came back and awakened it, I saw an Avast virus detection popup and the computer said it was locked and required my password to get back in. I tried to send the file, a PUP according to Avast, to the chest but it wouldn’t do it. I did not want to delete it so I chose to block it. I then did a right-click scan of the file with both MBAM and Avast, and they said it was clean. I uploaded it to VirusTotal and even though 6 of the scanners detected it as something, the community there rated it completely safe and a part of HP’s default installations.

http://www.virustotal.com/file-scan/report.html?id=0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1312192231

It is also in my log for the File System Shield.

Any questions…?

I just thought Avast might be interested in what is obviously a false detection.

Maybe I should put it in exclusions?

I see.
Btw, it’s not a false detection. It’s still a PUP.

Ah, a question at last. :wink:
Yes, you can do so, or disable PUP scanning in avast.

Hi Dch48,

My good friend, did you check your version of it against this: http://www.backgroundtask.eu/Systeemtaken/taakinfo/42800/EndProcess.exe/
As it is being considered a PUP, we searched for MD5: fb9f5efc10280f3659dce48069725c3c
The file has no spreading routine of its own; it is low risk, with low distribution potential and low damage potential. The only malicious use here you could think of is that it could be used by rogue users or malware to lower security settings. What this potential comes down to can be found here:
http://www.threatexpert.com/report.aspx?md5=fb9f5efc10280f3659dce48069725c3c
Still being detected as PUP. You could upload and report it here as well:
https://www.webimmune.net/default.asp but they will have a reason to keep it in their database.
I would not worry about it now as you have checked your version and know it will do no further harm and know why it is there and what it does - it is the Factory Reset Application of HP and running as a background task. As far as has been established in this thread this EndProcess.exe is a safe one.

polonus