When I search through a file (.exe) using Kaspersky Internet Security, it finds a file that it considers a threat.
It looks like it is a file in the installer/unpacker that it considers suspicious and not the .exe itself.
The search itself searched through roughly 25 000 files.
Kaspersky says the name of the object/threat is "not-a-virus:RiskTool.Win32.HideExec.bm"
Kaspersky also gave me a choice when I came to handling the threat, that I could actually add an exception for it or ignore it. So it seems that Kaspersky doesn't see it as super dangerous?
What does "HideExec.bm" mean?
Is there any way i can figure out what the object in question does?
I placed the suspicious file in quarantine and removed it almost instantly after I searched through it and found the suspicious file.
As stated in the Background below, a lot of people, including myself, need the patch in order to run the game at all.
I will consider re-downloading the patch and using it depending on the feedback I get on this forum.
I have read the Kaspersky website blog post about "Not-a-Virus" but I still do not know if I should trust the identified object in question. (https://www.kaspersky.com/blog/not-a-virus/18015/)
There is a somewhat old game in which a lot of people NEED to use an unofficial patch in order to get it to run/function.
The patch can be obtained from a well-known website that a lot of other modifications/patches can be downloaded from. There is nothing suspicious about the website itself. (https://www.moddb.com/)
On the forum dedicated to the game on Steam, a lot of people have brought up the fact that their antivirus program treats the patch (.exe) as suspicious or even as a virus.
Many users ignore the warnings of their antivirus and run and use the program anyway, because it's an easy way to get the game to run.
I think the .exe itself is an installer for the patch for the game. Probably an "unpacker" of sorts.
(User runs program -> User selects game directory in the installer -> Program places a bunch of files and such in the game directory + a folder structure -> Patch Finished/Installed)
There are a lot of people who say it is a false positive and there is nothing to be worried about, that the antivirus treats it as suspicious because it is an .exe file, that the creator is trusted and a lot of people are using the patch, etc.
Thank you for reading.
Sorry for the long post and bad English.
Best answer by Wesly.Zhang
HideExec: it maybe means the detected file contains a type of "execute code or file hidden in a file" technology.
The detected file is suspicious. You should delete this file.