
ESET Antivirus quarantines two files rendering the F1 inaccessible


Hobo 1-1


When loading DCS, ESET identifies two files as “malicious” and deletes them. Unfortunately ESET doesn’t tell me which two specific files it erroneously thinks are suspect. When I attempt to load an instant mission I am unable to enter the aircraft. When I click “Fly” from the briefing window, rather than being dropped into the cockpit I wind up at the F-10 map. I can exit the mission as normal with no freezes or crashes. The next time I launch the game I am informed the F1 module is unauthorized and will be disabled, and it is. The simple workaround is to carve out a scan exemption for DCS and everything works as advertised (once I run a repair).

Obviously ESET is mistaken. Any idea why this would happen? Ideally I’d prefer no scan exemptions, but I can live with it as is. Really I’m just curious as to what would cause the false positive.

ETA - this is specific to the F1. All my other modules work as normal 


Edited by Hobo 1-1

It's pretty usual for antiviruses to mistake some legit file for malware. Usually you have to set the whole DCS install folder as "secure", "no search here", whatever the name in your antivirus is, and it won't bother you any more.

If you like, you know you can usually send some kind of report about false positives and they'll check for it, but preventing the antivirus from messing in your install should be enough.


Edited by Ala13_ManOWar
  • Like 2

"I went into the British Army believing that if you want peace you must prepare for war. I believe now that if you prepare for war, you get war."

-- Major-General Frederick B. Maurice


30 minutes ago, Hobo 1-1 said:

Obviously ESET is mistaken. Any idea why this would happen?

 

Because antiviruses are worthless? 🙄 ... Seriously, for me it's an issue of trust: who do I trust more, ESET or Eagle Dynamics? ... In my case, I trust ED more, so I had no problem in setting an exclusion for both DCS folders that I have, at /Program Files/Eagle Dynamics/ and at /Saved Games/

 

For another point of view, check this OP's thread:

 

 

For yet another POV, check this:

 

 


Edited by Rudel_chw
  • Like 2

 

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra

For Gaming: 34" Monitor - Ryzen 3600X - 32 GB DDR4 2400 - nVidia GTX1070ti - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar - Oculus Rift CV1

Mobile: iPad Pro 12.9" of 256 GB


wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.

  • Like 6

"Do I really have to push the hose plug into the hose groove every time I vacuum or vacuum-blow?"

9 minutes ago, Hiob said:

wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.

I had a client that had ESET on an Exchange server and every time it updated, it blocked a DLL, no mail.

AKA_SilverDevil AKA Forums My YouTube

“It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.” — Mark Twain


46 minutes ago, Hiob said:

Just use the default ms defender and call it a day

 

All antivirus are prone to detect false-positives every now and then ... even MS Defender.  I use Defender and I do have exclusions in place for DCS.

  • Like 3

 


I've got the same issue with ESET. In my case it deleted four files. You can probably submit the files for ESET to exclude or just turn off its scanning of DCS.

I tend to think with Eagle Dynamics, it's in their best interest not to use malware on their customers.

EDIT: These are the files. Identified as trojans

 

Win64/Packed.VMProtect.L 


Edited by Shibbyland
  • Like 1

6 hours ago, Rudel_chw said:

 

All antivirus are prone to detect false-positives every now and then ... even MS Defender.  I use Defender and I do have exclusions in place for DCS.

True. Hasn’t happened with DCS for me though. 

Edit: My reasoning is this. By today Defender competes easily with the top third-party applications but has the advantage of being built into Windows from the get-go. From my experience, the fewer third-party applications are running (in the background), the better Windows runs.

By no means is Defender flawless. But from my POV it's the lesser evil nowadays by far. And as of now (knock on wood) it hasn’t interfered with DCS at all, even without folder exceptions.


Edited by Hiob

wtf is ESET? Another snake oil anti-virus? Just use the default ms defender and call it a day. Most other anti virus/malware programs do more harm than good.
Been running it for years (nod32).
  • Like 1

12900KF | Maximus Hero Z690 | ASUS 4090 TUF OC | 64GB DDR5 5200 | DCS on 2TB NVMe | WarBRD+Warthog Stick | CM3 | TM TPR's | Varjo Aero


18 hours ago, Rudel_chw said:

 

All antivirus are prone to detect false-positives every now and then ... even MS Defender.  I use Defender and I do have exclusions in place for DCS.

I agree. I did not mean to sound like ESET is bad or any different than any other AV. ESET is leaning towards the stricter side. It has been around for many years and it improves year after year. I personally use Acronis Active Protection and Webroot. Neither has complained about DCS. Dell AWCC comes up all the time...

  • Like 2


  • 2 weeks later...

If I have to decide what to trust – an antivirus which I’ve been using for twenty years without any problem or a brand new subject – I choose the antivirus. The reported infection – Win64/Packed.VMProtect.L – seems not to be dangerous, but to disable protection for the whole game? DCS is updated quite often and when playing online, you are connected. What if the next threat is critical?
I was looking forward to the F1 very much, but now I have decided not to install the present version and to wait for the correction from Aerges. If this issue wasn’t intentional they will correct it in following updates; otherwise I’m prepared to omit this module.


Edited by Black6
  • Like 1

Win64/Packed.VMProtect.E seems to be often detected by ESET and sometimes McAfee on various games. Description on the ESET website:

Quote

Detailed description for this variant is currently not available.

😂 Thanks ESET for this brilliant and meaningful security report.

I am always amused to see antivirus and protection software screaming "trojan alert" considering the true nature of Microsoft Windows and how easy it is to fool antivirus. What I will say here will shock people but I don't care: as a general case, with variations from one vendor to another, antivirus and protection software are an illusion of security, highly costly in terms of computing resources and, sometimes, in terms of money.

Prefer to choose antivirus software according to the least computing resources it uses to pretend to protect you while it sends your computer usage statistics to the motherhouse, in order to disable those integrated in Windows (especially the Antimalware service) that do the same but in an even more costly way while deleting files that Microsoft doesn't like.

Spoiler

If you are sufficiently self-confident in your capacity to detect "bad software", you can even live quietly without any antivirus, even without those integrated in Windows.
If you have enough competence to disable and/or uninstall "Windows Defender" and "Antimalware service executable", this generally means you can live without any antivirus software, knowing that zero risk does not exist except by unplugging the ethernet cable.

Some really good things you can do to secure your computer:

  • Install an ad blocker in your browser. Some of them probably send reports to the motherhouse (everybody does that nowadays) but they will block almost all scam attempts.
  • Be careful of what you download and install on your computer; do not rely on your "antivirus" or "antimalware" software, use your brain.
  • Learn to recognize scam and phishing mails; be careful before opening attachments.

Edited by sedenion
  • Like 2

39 minutes ago, sedenion said:

Thanks ESET for this brilliant and meaningful security report.


Fully agree with your post. Here is an interesting view on the "business" hiding behind microsoft defender:

 

 

2 hours ago, Black6 said:

I was looking forward to F1 very much, but now I decided not to install present version and wait for the correction from Aerges. If this issue wasn’t intentional they will correct it in following updates, else I’m prepared to omit this module.


You already purchased a 60 dollar module and will not use it because of this? 🙄 I’m speechless.

  • Like 3

 


35 minutes ago, Rudel_chw said:

Fully agree with your post. Here is an interesting view on the "business" hiding behind microsoft defender:

Oh mate... the certificate business, this scam that has been running since the "green lock in address bar" delirium... Or how to pretend security by exposing a $igned $$L certificate while sensitive data are saved in plain text in the database. And now they do the same for software, with other goals, while most of the available software in "software centers" (especially smartphones) is full of security breaches when not pure scams... Not to mention Windows 11 that comes slowly with its "Trusted Platform Module" scam to prevent you from using your computer as you want.


Edited by sedenion
  • Like 1

this is probably the most wise post ever lol. 
Security is mostly a layer 8 issue at the end of all the controls....
  • Like 2

