How do I know if this is a false positive or not?

Status
Not open for further replies.

cloudropis

Honorable
Jul 17, 2013
16
0
10,560
I downloaded a utility tool to mod a game which is widely known and used in that game's community, got straight from the developer's direct link. I scanned it before running it with both Avira and MB (like I do with EVERYTHING I download) and found nothing. But as soon as I ran it Avira blocked it and put it into quarantine, claiming it was a HEUR/APC (Cloud) malware.
Now, I know Avira used to be the king of false positives, and that hundreds of people use that modding tool with no problems, but I'd like to know if there is anything I can do to double, if not triple, check before putting it into the exceptions list. I used VirusTotal and got 2/57, the two being some unknown bootleg antivirus.
I don't know what to make of the fact that it doesn't find anything scanning the exe but does after running it. That has never happened to me. What do you think/suggest?
 

Skylyne

Estimable
Sep 7, 2014
405
0
5,010
The HEUR/APC code you see is telling you that it found a process that triggered their heuristics engine. The heuristics engine scans running processes, and flags things that attempt to modify files on your computer. Game mods typically do this to begin with, so that kind of flag/alarm is nothing too out of the ordinary to see. At least, that is my opinion.

As far as scans go, I'd say the reason you didn't see anything pop up in the file scans is because they are looking for malware code, while the heuristics engine scans active processes; these are two different methods of finding malware.

If you know the developer is legit, then I would say you have nothing to worry about. As with all mods, unless you know what is in the code, you will always be taking a slight gamble when using them. I'd say, if you got the mod from the developer's link, you should be fine. I wouldn't worry too much.

Is there a way to double check against Avira? Short of installing another AV, and using their live scanner while installing the mod, there's probably nothing that would really give you a real second opinion.
 
cloudropis

Thank you so much. I did some research and figured it was something like that, but I still found it weird that HEUR/APC (Cloud) had its own Avira database page like full-blown malware. Thanks again!
 

Skylyne

Yeah, I know what you mean. I remember how various cloud scanning/process ratings on cleaning software/etc. would come up with shit tons of info on it. Pretty cool how some software does that, but it can be self-defeating lol.

And not a problem. I get on here and post replies like that all the time. This is one of my hobbies haha. Mainly computer security, but knowing game-related code like this kind of relates to it lol
 

cloudropis

Might as well use this topic again.
I tinkered with the suspicious software a bit, and even after putting it into Avira's exceptions and straight up removing the heuristic module, running the exe gives me a Windows error saying there isn't enough memory available to run the service. Both PCs I tried with have more than enough RAM, so what gives?
 