Hobo 1-1 Posted July 24, 2022 (edited)

When loading DCS, ESET identifies two files as “malicious” and deletes them. Unfortunately ESET doesn’t tell me which two specific files it erroneously thinks are suspect. When I attempt to load an instant mission I am unable to enter the aircraft. When I click “Fly” from the briefing window, rather than being dropped into the cockpit I wind up at the F-10 map. I can exit the mission as normal with no freezes or crashes. The next time I launch the game I am informed the F1 module is unauthorized and will be disabled, and it is.

The simple workaround is to carve out a scan exemption for DCS and everything works as advertised (once I run a repair). Obviously ESET is mistaken. Any idea why this would happen? Ideally I’d prefer no scan exemptions, but I can live with it as is. Really I’m just curious as to what would cause the false positive.

ETA - this is specific to the F1. All my other modules work as normal.

Edited July 24, 2022 by Hobo 1-1

Ala13_ManOWar Posted July 24, 2022 (edited)

It's pretty usual for antiviruses to mistake some legit file for malware. Usually you have to set the whole DCS install folder as "secure", "no search here", whatever the name in your antivirus is, and it won't bother you any more. If you like, you know you can usually send some kind of report about false positives and they'll check for it, but preventing the antivirus from messing in your install should be enough.

Edited July 24, 2022 by Ala13_ManOWar

"I went into the British Army believing that if you want peace you must prepare for war. I believe now that if you prepare for war, you get war." -- Major-General Frederick B. Maurice

Rudel_chw Posted July 24, 2022 (edited)

30 minutes ago, Hobo 1-1 said: Obviously ESET is mistaken. Any idea why this would happen?

Because Antiviruses are worthless? ... seriously, for me it's an issue of trust, who do I trust more? ESET or Eagle Dynamics? ... in my case, I trust ED more, so I had no problem in setting an exclusion for both DCS folders that I have, at /Program Files/Eagle Dynamics/ and at /Saved Games/

For another point of view, check this OP's thread:

For yet another POV, check this:

Edited July 24, 2022 by Rudel_chw

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra
For Gaming: 34" Monitor - Ryzen 3600 - 32 GB DDR4 2400 - nVidia RTX2080 - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar
Mobile: iPad Pro 12.9" of 256 GB

Hiob Posted July 24, 2022

wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.

"Do I really have to push the hose plug into the hose groove every time I vacuum or vacuum-blow?"

silverdevil Posted July 24, 2022

9 minutes ago, Hiob said: wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.

i had a client that had ESET on an Exchange server and every time it updated, blocked a DLL, no mail.

AKA_SilverDevil
“The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.

Rudel_chw Posted July 24, 2022

46 minutes ago, Hiob said: Just use the default ms defender and call it a day

All antivirus are prone to detect false-positives every now and then ... even MS Defender. I use Defender and I do have exclusions in place for DCS.

Shibbyland Posted July 25, 2022 (edited)

I've got the same issue with ESET. In my case it deleted four files. You can probably submit the files for ESET to exclude or just turn off its scanning of DCS. I tend to think with Eagle Dynamics, it's in their best interest not to use malware on their customers.

EDIT: These are the files. Identified as trojans Win64/Packed.VMProtect.L

Edited July 25, 2022 by Shibbyland

Hiob Posted July 25, 2022 (edited)

6 hours ago, Rudel_chw said: All antivirus are prone to detect false-positives every now and then ... even MS Defender. I use Defender and I do have exclusions in place for DCS.

True. Hasn’t happened with DCS for me though.

Edit: My reasoning is this. By today Defender competes easily with the top third party applications but has the advantage to be built into windows from the get go. From my experience - the less third party applications are running (in the background), the better windows runs. By no means is Defender flawless. But from my pov it's the lesser evil nowadays by far. And as of now (knock on wood) hasn’t interfered with DCS at all, even without folder exceptions.

Edited July 25, 2022 by Hiob

zildac Posted July 25, 2022

Quote: wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.

Been running it for years (nod32).

14900KS | Maximus Hero Z690 | ASUS 4090 TUF OC | 64GB DDR5 6600 | DCS on 2TB NVMe | WarBRD+Warthog Stick | CM3 | TM TPR's | Varjo Aero

silverdevil Posted July 25, 2022

18 hours ago, Rudel_chw said: All antivirus are prone to detect false-positives every now and then ... even MS Defender. I use Defender and I do have exclusions in place for DCS.

i agree. i did not mean to sound like ESET is bad or any different than any other AV. ESET is leaning towards the stricter side. it has been around for many years and it improves year after year. i personally use Acronis Active Protection and Webroot. Neither has complained about DCS. Dell AWCC comes up all the time...

Black6 Posted August 6, 2022 (edited)

If I have to decide what to trust – antivirus which I’m using for twenty years without any problem or brand new subject I choose the antivirus. Reported infection – Win64/Packed.VMProtect.L – seems not to be dangerous, but to disable protection for whole game? DCS is updated quite often and when playing online, you are connected. What if the next threat will be critical?

I was looking forward to F1 very much, but now I decided not to install present version and wait for the correction from Aerges. If this issue wasn’t intentional they will correct it in following updates, else I’m prepared to omit this module.

Edited August 6, 2022 by Black6

sedenion Posted August 6, 2022 (edited)

Win64/Packed.VMProtect.E seems to be often detected by ESET and sometimes McAfee on various games. Description on ESET website:

Quote: Detailed description for this variant is currently not available.

Thanks ESET for this brilliant and meaningful security report.

I am always amused to see antivirus and protection software screaming for "trojan alert" considering the true nature of Microsoft Windows and how easy it is to fool antivirus.

What I will say here will shock people but I don't care: As a general case, with variations from one editor to another, antivirus and protection softwares are an illusion of security, highly costly in terms of computing resources and, sometimes, in terms of money. Prefer to choose antivirus software according to the least computing resources it uses to pretend protecting you while it sends your computer usage statistics to motherhouse, in order to disable those integrated in Windows (especially the Antimalware service) that do the same but in an even more costly way while deleting files that Microsoft doesn't like.

Spoiler: If you are sufficiently self-confident in your capacity to detect "bad software", you can even live quietly without any antivirus, even without those integrated in Windows. If you have enough competencies to disable and/or uninstall "Windows Defender" and "Antimalware service executable", this generally means you can live without any antivirus software, knowing that the zero-risk does not exist except unplugging the ethernet cable.

Some real good things you can do to secure your computer:

- Install an Ad Blocker to your browser. Some of them probably send reports to motherhouse (everybody does that nowadays) but they will block almost all scam attempts.
- Be careful of what you download and install in your computer, do not rely on your "antivirus" or "antimalware" software, use your brain.
- Learn to recognize scam and phishing mails, be careful before opening joint pieces.

Edited August 6, 2022 by sedenion

Rudel_chw Posted August 6, 2022

39 minutes ago, sedenion said: Thanks ESET for this brilliant and meaningful security report.

Fully agree with your post. Here is an interesting view on the "business" hiding behind microsoft defender:

2 hours ago, Black6 said: I was looking forward to F1 very much, but now I decided not to install present version and wait for the correction from Aerges. If this issue wasn’t intentional they will correct it in following updates, else I’m prepared to omit this module.

You already purchased a 60 dollar module and will not use it because of this? I’m speechless.

sedenion Posted August 6, 2022 (edited)

35 minutes ago, Rudel_chw said: Fully agree with your post. Here is an interesting view on the "business" hiding behind microsoft defender:

Oh mate... the certificate business, this scam that runs since the "green lock in address bar" delirium... Or how to pretend security by exposing $igned $$L certificate while sensitive data are saved in plain text in database. And now they do the same for softwares, with other goals, while most of available software in "software centers" (especially smartphones) are full of security breach when not pure scams... Not to mention Windows 11 that comes slowly with its "Trusted Platform Module" scam to prevent you to use your computer as you want.

Edited August 6, 2022 by sedenion

silverdevil Posted August 6, 2022

7 hours ago, sedenion said: use your brain

this is probably the most wise post ever lol.

zildac Posted August 6, 2022

Quote: this is probably the most wise post ever lol.

Security is mostly a layer 8 issue at the end of all the controls....

silverdevil Posted August 6, 2022

3 minutes ago, zildac said: layer 8 issue

LOL indeed. 3 point contact. neck + 2 ass cheeks = 3