Jump to content

[RESOLVED]kaspersky and edCore.dll


ThorBrasil

Recommended Posts

Kaspersky is accusing edCore.dll as a virus. Disabling kaspersky and repairing DCS everything works perfectly. Please correct. :thumbup:

 

|Motherboard|: Asus TUF Gaming X570-PLUS,

|WaterCooler|: Corsair H115i Pro,

|CPU|: AMD Ryzen 7 3800X,

|RAM|: Corsair Vengeance LPX 32GB 3200MHz DDR4,

|SSD|: Kingston A2000 500GB M.2 NVMe,

|SSD|: Kingston 2.5´ 480GB UV400 SATA III,

|SSHD|: Seagate Híbrido 2TB 7200RPM SATA III,

|GPU|: MSI Gaming 980Ti,

|Monitor|: LG UltraWide 34UM68,

|Joystick 1|: Thrustmaster Hotas Warthog,

|Joystick 2|: T.Flight Rudder Pedals,

|Head Motion|: TrackIr 5.

 

Link to comment
Share on other sites

Please correct. :thumbup:

 

What can ED do to fix a crappy heuristic detection of a third party antivirus software?

 

Perhaps you should report the case on Kaspersky’s Forum rather than here.

 

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra

For Gaming: 34" Monitor - Ryzen 3600X - 32 GB DDR4 2400 - nVidia GTX1070ti - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar - Oculus Rift CV1

Mobile: iPad Pro 12.9" of 256 GB

Link to comment
Share on other sites

What can ED do to fix a crappy heuristic detection of a third party antivirus software?

 

Perhaps you should report the case on Kaspersky’s Forum rather than here.

 

I've never had problems with antivirus. It's the first time. :thumbup:

 

|Motherboard|: Asus TUF Gaming X570-PLUS,

|WaterCooler|: Corsair H115i Pro,

|CPU|: AMD Ryzen 7 3800X,

|RAM|: Corsair Vengeance LPX 32GB 3200MHz DDR4,

|SSD|: Kingston A2000 500GB M.2 NVMe,

|SSD|: Kingston 2.5´ 480GB UV400 SATA III,

|SSHD|: Seagate Híbrido 2TB 7200RPM SATA III,

|GPU|: MSI Gaming 980Ti,

|Monitor|: LG UltraWide 34UM68,

|Joystick 1|: Thrustmaster Hotas Warthog,

|Joystick 2|: T.Flight Rudder Pedals,

|Head Motion|: TrackIr 5.

 

Link to comment
Share on other sites

What can ED do to fix a crappy heuristic detection of a third party antivirus software?

 

Perhaps you should report the case on Kaspersky’s Forum rather than here.

 

It's not just Kaspersky reporting edCore.dll

 

Zonelabs is reporting edCore.dll as ransomware.

Asus ROG Strix B-560-F, Intel i9-11900k, EVGA GTX 3080 Ti FTW3 Ultra, Corsair Vengeance LPX 16GB (2x8GB) DDR4 PC4-24000, 1TB WD Blue SN550 NVME SSD, Asus PB287Q 28" 3840x2160 TN 4K, Thrustmaster Warthog + F/A-18 HOTAS, Thrustmaster MFD Cougar, Thrustmaster TFRP rudder, Razer orbweaver chroma.

The artist formerly known as VVS 504 Wolverine.

Link to comment
Share on other sites

It's not just Kaspersky reporting edCore.dll

 

Zonelabs is reporting edCore.dll as ransomware.

 

Well, I trust ED’s software, so I have excluded the /program files/eagle dynamics/ path and the /saved games/dcs.xxx path from the Antivirus action. Not only I’m now immune to these false positives, but also reduces stuttering when running DCS.

 

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra

For Gaming: 34" Monitor - Ryzen 3600X - 32 GB DDR4 2400 - nVidia GTX1070ti - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar - Oculus Rift CV1

Mobile: iPad Pro 12.9" of 256 GB

Link to comment
Share on other sites

dcs crash not opening

 

dcs 2.5.6.49314

 

code cannot be executed because edCore.dll not found.......do not tell me i have to reinstall everything:doh::doh::doh::doh::doh:

 

antivirus i have kaspersky. i gave consent to edcore.dll but still crashing on start

edcore.dll and worldgeneral.dll put out of quarantine but not solving


Edited by dave76
Link to comment
Share on other sites

Experiencing the same issue here as well.

i9-9900K, G.Skill 3200 32GB RAM, AORUS Z390 Pro Wifi, Gigabyte Windforce RTX 2080 Ti, Samsung 960 Pro NVMe 512G + 860 Pro 1T, TM Warthog HOTAS, VKB T-Rudder, Samsung O+

F/A-18C, F-16C, A-10C, UH-1, AV-8B, F-14, JF-17, FC3, SA342 Gazelle, L-39, KA-50, CEII, Supercarrier Preordered. (Almost abandoned: CA - VR support please?)

PG, NTTR

Link to comment
Share on other sites

Someone from you Kaspersky users should report false positive, so it get fixed for all.

 

https://support.kaspersky.com/1870

 

nah, not the best approach.

 

If your smoke detector triggered, you would check your house before accusing the smoke detector for a false alarm.

 

Same situation here.

 

I trust ED would not intentionally do harm to it's clients, but given the current circumstance where a lot of people/devs have to work remotely from their own devices, this in turn rises the risk profile of software development and its associated security.

 

There was a case not long ago that a well reputation developer unknowingly introduced virus/backdoor into its software because one of its core dev used a tempered compiler that he thought was legit.


Edited by ravenzino

i9-9900K, G.Skill 3200 32GB RAM, AORUS Z390 Pro Wifi, Gigabyte Windforce RTX 2080 Ti, Samsung 960 Pro NVMe 512G + 860 Pro 1T, TM Warthog HOTAS, VKB T-Rudder, Samsung O+

F/A-18C, F-16C, A-10C, UH-1, AV-8B, F-14, JF-17, FC3, SA342 Gazelle, L-39, KA-50, CEII, Supercarrier Preordered. (Almost abandoned: CA - VR support please?)

PG, NTTR

Link to comment
Share on other sites

  • ED Team

If you are seeing issues please submit the file to kaspersky, it will help

 

Thanks

smallCATPILOT.PNG.04bbece1b27ff1b2c193b174ec410fc0.PNG

Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status

Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, HP Reverb G2

Link to comment
Share on other sites

nah, not the best approach.

 

If your smoke detector triggered, you would check your house before accusing the smoke detector for a false alarm.

 

Same situation here.

 

I trust ED would not intentionally do harm to it's clients, but given the current circumstance where a lot of people/devs have to work remotely from their own devices, this in turn rises the risk profile of software development and its associated security.

 

There was a case not long ago that a well reputation developer unknowingly introduced virus/backdoor into its software because one of its core dev used a tempered compiler that he thought was legit.

 

 

Submitting it to Kaspersky means that they will investigate it and determine whether it is a false positive and remove the check if that is the case.

 

 

While I don't use Kaspersky I have run it through their online checking tool and it has come back clean - this can be got at through the link if you want to check yourself


Edited by hornblower793
Added results of scan

Windows 11 Home ¦ Z790 AORUS Elite AX motherboard ¦ i7-13700K ¦ 64GB Corsair Vengeance DDR5 memory @ 5600MHz ¦ Samsung 990 Pro 1TB SSD for OS, Samsung 980 Pro 2TB SSD for DCS ¦ MSI GeForce RTX 4090 Gaming X Trio 24GB ¦ Virpil WarBRD base with VFX grip, Thrustmaster A10c and F/A-18 grips ¦ VKB Gunfighter Mk4 and MCG Pro ¦ Thrustmaster Warthog Throttle ¦ VKB STECS Throttle ¦ Virpil TCS rotor base with Shark and AH-64D  grips ¦ MFG Crosswinds ¦ Total Controls Multi-Function Button Box ¦ Pimax Crystal

Link to comment
Share on other sites

If your smoke detector triggered, you would check your house before accusing the smoke detector for a false alarm.

 

Kaspersky won't whitelist automatically after you submit it, they will do exactly what you describe as "check your house before accusing smoke detector" and after that they will somehow resolve it.

 

By the way you can also check suspicious files using online services if you have doubts: https://www.virustotal.com/gui/home/upload

Link to comment
Share on other sites

EdCore.dll - Kaspersky Problem

 

I have a new problem with the edCore.dll and Kasperky.

I wanted to update the 2.5Beta version (has been running before) but after the update the virus protector Kasperski kept quarantining this file and I spent hours and hours and couldn't solve the problem.

So I need your help now, so that I can fly again.

With kind regards

Mick0815

Link to comment
Share on other sites

Kaspersky won't whitelist automatically after you submit it, they will do exactly what you describe as "check your house before accusing smoke detector" and after that they will somehow resolve it.

 

......

 

What you said is basically pack up a bag of air around the smoke detector and send it to the manufacturer to investigate. For the sake of discussion here, people surely can do that. But normally people would do it after checking around or asking the wife "hey honey, you did turn off the stove, didn't you?" The kids might help defending the wife out of pure love by saying like "how dare you questioning my mother!" But you know the question has to be asked...

 

 

 

So the point here is, a not so insignificant AV software flagged a potential issue of ED's software. Since we don't have visibility of its source code, we don't know it for sure if a potential risk has been brought into the game file, and therefore we ask ED to look into it.

 

Another thing to bear in mind is, it's not just virus that could trigger av software. Some software behaviours like unnecessary system authorisation, unclosed ports, etc, could also be used by hackers to penetrate your system, and therefore some comprehensive av softwares could detect and flag that as well.

 

While it is relatively clear to tell after analysis whether a virus is there or not, it is not so black-and-white for the av software company to conclude on the nature of a game file other than its unusual behaviour. A similar example could be an email client software on your iPhone requesting to use the camera. It's unusual and suspicious, but you can't tell it for sure whether or not it will cause a problem or be used to cause a problem. That's why usually av software will quarantine the suspicious file instead of deleting it, so you still can restore it if you are sure it is alright.

 

This again leads to asking ED to double check its software at least at source code level, to see whether the latest changes are all good and risk free.

 

While the op asking ED to fix it straight away could be a bit blunt and “jump the gun", it is actually indeed the developer's job and Due Diligence, and of its best interest, to make sure it's software is virus free and backdoor free.

 

What ED could do?

1. Consider Kaspersky AV's detection result, check the source code of the latest changes to make sure what it does is absolutely correct and necessary.

2. Remove those unnecessary software behaviours if identified, or change it to a safer way.

3. If confirmed nothing is wrong and nothing can be changed, the best way is to work with Kaspersky to resolve it. ED might not like it, and could be very much so for people who loves ED and everything ED does...

4. so, alternatively, ED can just say "f* it, we don't care", and simply mark it as a known issue and leave it there. In this case, we can only exclude ED's file or the entire directory from AV software, submitting the file to Kaspersky and hope they can one day update its database.

 

But be careful what we wish for. Excluding a file or directory is exactly what hackers like you to do... And hackers have automation tools to hunt you without necessarily specifically targeting you.

 

I'm a telecommunication professional and ex software engineer. No one need to take my word for it, but please do think about it.


Edited by ravenzino

i9-9900K, G.Skill 3200 32GB RAM, AORUS Z390 Pro Wifi, Gigabyte Windforce RTX 2080 Ti, Samsung 960 Pro NVMe 512G + 860 Pro 1T, TM Warthog HOTAS, VKB T-Rudder, Samsung O+

F/A-18C, F-16C, A-10C, UH-1, AV-8B, F-14, JF-17, FC3, SA342 Gazelle, L-39, KA-50, CEII, Supercarrier Preordered. (Almost abandoned: CA - VR support please?)

PG, NTTR

Link to comment
Share on other sites

Submitting it to Kaspersky means that they will investigate it and determine whether it is a false positive and remove the check if that is the case.

 

 

While I don't use Kaspersky I have run it through their online checking tool and it has come back clean - this can be got at through the link if you want to check yourself

 

 

Thanks for the info. I did that as well, and also got a bit confused by the result to be honest.

 

But again, we don't own the source code of the AV software or its databse, neither that of DCS. So either ED come back and say "we've checked, nothing wrong here" and push for Kaspersky to update its database, or ED change that line of code to avoid the triggering.

 

Or we just submit the file and wait, hope this is just a stupid mistake at Kaspersky side and they fix it by themselves... and risk our system security by excluding DCS from AV for the time being. But remember, if there's a unintended backdoor left open, people outside of ED could exploit it too. That's why excluding a file from AV is really not the best idea.

i9-9900K, G.Skill 3200 32GB RAM, AORUS Z390 Pro Wifi, Gigabyte Windforce RTX 2080 Ti, Samsung 960 Pro NVMe 512G + 860 Pro 1T, TM Warthog HOTAS, VKB T-Rudder, Samsung O+

F/A-18C, F-16C, A-10C, UH-1, AV-8B, F-14, JF-17, FC3, SA342 Gazelle, L-39, KA-50, CEII, Supercarrier Preordered. (Almost abandoned: CA - VR support please?)

PG, NTTR

Link to comment
Share on other sites

This short video explains in a simple way of how AV works. It's just the result of a quick search, so might not be ideal, but could help to get everyone one the same page.

 

i9-9900K, G.Skill 3200 32GB RAM, AORUS Z390 Pro Wifi, Gigabyte Windforce RTX 2080 Ti, Samsung 960 Pro NVMe 512G + 860 Pro 1T, TM Warthog HOTAS, VKB T-Rudder, Samsung O+

F/A-18C, F-16C, A-10C, UH-1, AV-8B, F-14, JF-17, FC3, SA342 Gazelle, L-39, KA-50, CEII, Supercarrier Preordered. (Almost abandoned: CA - VR support please?)

PG, NTTR

Link to comment
Share on other sites

Someone from you Kaspersky users should report false positive, so it get fixed for all.

 

https://support.kaspersky.com/1870

 

The problem is not from the antivirus.

The problem is in the edCore.dll file

It has been giving me problems for a long time and the only solution is dangerous because only if I deactivate the antivirus or make an exception with this DCS file it works.

I am not a programmer, you who are, look for the solution that is what your job is for.

In mine they do not allow me errors and less if they are a possible danger.

 

""Original message in Spanish""

""Mensaje original en español""

El problema no es de el antivirus.

El problema esta en el archivo edCore.dll

Lleva dándome problemas des hace tiempo y la uncia solución es peligrosa pues solo si desactivo el antivirus o hago una excepción con este archivo DCS funciona.

Yo no soy programador, ustedes que lo son busquen la solución que para eso es su oficio.

En el mio no me permiten errores y menos si son un posible peligro.

Link to comment
Share on other sites

The AV is part of the problem - in their quest to try and prevent zero-day attacks (new attack methods never seen before) the software does analysis for what could be suspicious behaviour and blocks on this basis.

 

 

The reason that all providers have a mechanism to submit files for analysis is because they know they don't get it right all the time. The very fact that I submitted this file to Kaspersky's own online analysis and it came back clean tells you that their is an inconsistency in their solution.

 

 

If a Kaspersky user would submit the file to them, they can work out why it is being flagged and adjust their definitions accordingly.

Windows 11 Home ¦ Z790 AORUS Elite AX motherboard ¦ i7-13700K ¦ 64GB Corsair Vengeance DDR5 memory @ 5600MHz ¦ Samsung 990 Pro 1TB SSD for OS, Samsung 980 Pro 2TB SSD for DCS ¦ MSI GeForce RTX 4090 Gaming X Trio 24GB ¦ Virpil WarBRD base with VFX grip, Thrustmaster A10c and F/A-18 grips ¦ VKB Gunfighter Mk4 and MCG Pro ¦ Thrustmaster Warthog Throttle ¦ VKB STECS Throttle ¦ Virpil TCS rotor base with Shark and AH-64D  grips ¦ MFG Crosswinds ¦ Total Controls Multi-Function Button Box ¦ Pimax Crystal

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...