
Why does Windows 10 antivirus detect KSP as virus


Pawelk198604


Most likely, it's what's called a "false positive."

Virus detection depends on looking for "signatures" -- little bits of code, small enough to search efficiently, and reasonably unique to a particular routine used in (hopefully) a number of different malware packages.  Depending on the choice of signature, however, it may turn out to be library code -- that is, reusable code snippets that are supplied by a programming tool or environment -- rather than anything actually specific to malware.  Further, even non-library code can sometimes be similar to code used in malware, because legitimate software needs to do most of the same things malware does, just not in the same order or manner.  Copying files, communicating over the network, being flexible in network detection, even encrypting files (a common operation for ransomware) are all completely legitimate operations (say you want to send something and don't want anyone who intercepts the message to be able to read it...).

Given that everything malware does is also a legitimate operation under different intent or circumstances, it's not rare for software (in my experience, especially installers) to give false positives in malware detection scans.

It does, however, complicate life, especially since there have been some well-publicized incidents where large software publishers inadvertently distributed large numbers of their software packages in which some modules were infected with malware.  Is that really a false positive, or did Squad/Private Division actually send out infected software, presumably without intending to?  The only way to be sure is to watch for the reports of others.  I've seen a number of reports of updated definitions eliminating the warning about files in the KSP/MH packages being infected with Windows malware, which tends to suggest that the report was a false positive in the first place.  Since I run Ubuntu, it didn't bother me anyway -- you can drop all the Windows malware you want on my system, it won't run (not to say there isn't Linux malware, but virtually all of it is aimed at servers and doesn't do anything significant on a desktop machine).
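
The signature mechanism described in the post above, as an added example that is not part of the original post: a toy scanner whose byte signature lands on shared library code and so flags a benign program, and the same signature set after candidates seen in known-clean files are discarded (as an updated definition file would). All byte strings, names and the 8-byte signature length are constructed placeholders, not real signatures or any vendor's method.

```python
"""Toy byte-signature scanner: how shared library code causes a false positive."""

N = 8  # signature length in bytes (assumption for this example)

# Constructed placeholder bytes, not real code or real signatures.
LIB_ROUTINE = b"<runtime:file-copy-helper-v1>"  # routine shipped by a common toolchain
UNIQUE_PART = b"<sample-specific-logic>"        # bytes found only in the flagged samples

flagged_samples = [
    b"hdrA" + LIB_ROUTINE + UNIQUE_PART + b"tailA",
    b"hdrB" + UNIQUE_PART + LIB_ROUTINE + b"tailB",
]
benign_game = b"game-launcher" + LIB_ROUTINE + b"render-loop"
known_clean = [b"text-editor" + LIB_ROUTINE + b"spellcheck"]


def ngrams(data, n=N):
    """Every n-byte substring of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def common_signatures(samples):
    """Candidate signatures: n-grams present in every flagged sample."""
    return set.intersection(*(ngrams(s) for s in samples))


def drop_clean_matches(signatures, clean_files):
    """Discard candidates that also occur in known-clean files."""
    seen_clean = set().union(*(ngrams(f) for f in clean_files))
    return signatures - seen_clean


def scan(data, signatures):
    """True if any signature occurs anywhere in data."""
    return not ngrams(data).isdisjoint(signatures)


naive = common_signatures(flagged_samples)       # includes library bytes
refined = drop_clean_matches(naive, known_clean)  # library bytes removed

if __name__ == "__main__":
    print("naive set flags the game:  ", scan(benign_game, naive))
    print("refined set flags the game:", scan(benign_game, refined))
    print("refined set still flags samples:",
          all(scan(s, refined) for s in flagged_samples))
```
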
