Lately, the majority of the Windows users are noticing their anti-virus applications flag a file named sihclient.exe as a threat to their system. Your firewall will most likely block this file and put it in the virus chest (or ask you to confirm).
What is sihclient.exe and is it dangerous?
Sihclient.exe is a Server-Initiated Healing Client and Windows 10 runs this every day to repair any damage to the operating system. This is Windows’ own file and it is a legitimate file that is essential for the Windows updates. You can even check the scheduled task related to Sihclient.exe from the task scheduler. Here are the steps for checking the SIH’s schedule
- Hold Windows key and press R
- Type “taskschd.msc” and press Enter
- Double-click Task Scheduler from the left pane
- Double-click Microsoft from the left pane
- Double click Windows from the left pane
- Select Windows Update from the left pane
You should be able to see a task named sih (or a variation of that) in the mid-top pane. If you select the sih scheduled task you should also be able to see its details. In its description, it should describe SIH as the Server Initiated Healing Client.
Now although it is a legitimate file, this doesn’t mean that you should always let it run. Malware can easily name itself sihclient.exe and cause damage to your system. If your security application or firewall is flagging this file then you should definitely scan your system with an antivirus application. You can also determine whether the file is legitimate or not by looking at its scheduled time. Look at the sih’s scheduled run time by following the steps given above. For example, in my case, it is scheduled to run at 5 AM and after every 20 hours. So, I shouldn’t get the warning message every hour. So if you are getting warnings on random hours (when your sihclient isn’t supposed to run) then you should scan your system thoroughly. But, if you don’t want to scan your whole system then we recommend you either use another antivirus program to see if that catches the same file or use VirusTotal.
What is VirusTotal?
VirusTotal is a website where you can upload the files and it will tell you whether the file contains any malicious component. Click here and click Choose File then select the file flagged by your antivirus. Check if it flags the file or not. If it doesn’t then simply ignore the warning and add the file to the whitelist. You should also update the antivirus program.
On the other hand, if the VirusTotal flags your file as a threat then we recommend you perform a full scan with your antivirus.
What should I do if I find a false positive?
First of all, you should take the file out of the virus vault because your antivirus will block it. You can open your antivirus application then go to Protection > Virus Chest > right click your file > Select Restore and add an exclusion.
Although these steps are for Avast antivirus these steps should apply to other antivirus applications as well. Every antivirus has a virus vault and provides an option to restore the files from there.
You should also upload the file to the false-positive form to let Avast know about the file. This will prevent any future false positives and be beneficial for everyone.
Scan with Microsoft Security Scanner
In some situations, if another file has disguised itself as the file, you will be unable to identify it from the real sihclient.exe file and it can seriously damage your computer’s integrity if that is the case. Therefore, in this step, we will be running the Microsoft Security Scanner to verify that the file is safe and that it hasn’t actually been manipulated by malware or virus. For that:
- Launch your browser and download the Microsoft Security Scanner from here.
- After downloading the executable, run it on your computer and let it install.
- Accept the License Agreement terms and click on “Next”.
- Select “Full Scan” and click on “Next”.
- After you opt for a full scan, the software will start scanning your entire computer to look for any malware or viruses that might’ve disguised themselves as normal executables or applications.
- After the scan finishes, if no problems are found, you can go on with using your computer and let the sihclient.exe run in the background without any issues.
Still, Getting Notifications due to a False Positive?
If you have totally scanned your computer with Microsoft’s Security tool as indicated in the method above and are still experiencing these problems with the executable, we can try to update our Antivirus’s virus definitions which can sometimes be outdated and trigger such issues with clean files. In order to do that, we will include some instructions for some of the most popular third-party antivirus but you can check your own user manual for your specific software’s guide as well.
- Launch AVG Antivirus from the system tray or from its executable on the desktop.
- Click on the Menu icon and then select “Settings” from the list.
- Make sure that “General” is selected in the left panel and then click on “Updates”.
- Under the “Virus Definitions” heading, click on the “Check for Updates” button and let the software check for any available updates.
- The software will prompt you to download the updates if any are available.
- Run Avast from the system tray or from its executable and click on the “Menu” button up top.
- In the menu, click on the “Settings” option and then click on the “General” button on the left.
- Click on “Updates” and then click on the “Check for Updates” button under the Virus Definitions option.
- After the software finishes checking up for any available updates, it should notify you automatically.
- Check to see if the Antivirus still throws up false positives after completing this update.
- Run Malwarebytes on your computer from either the system tray or the executable.
- Click on the “Current” button in front of the “Updates” option on the lower right side of the main screen.
- The software should now automatically check for any available updates and install them on your computer automatically.