TPrince
Posted June 8, 2023

Any reason why my virus protection is flagging a file after the update? Below is the error message:

Infected file detected now
Feature: Antivirus
The file C:\Program Files\Eagle Dynamics\DCS World OpenBeta\CoreMods\aircraft\C-101\bin\C101Core.dll is infected with Gen:Suspicious.Cloud.4.gy4@a8i6Rsbi and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

Processor AMD Ryzen 9 7900X 12-Core Processor 4.70 GHz
Installed RAM 32.0 GB (31.7 GB usable)
Graphics Card NVIDIA GeForce RTX 4070 TI
4 K Monitor ASUS VG34V

Yurgon
Posted June 8, 2023

Broadly speaking, various Anti-Virus vendors have flagged DCS-related files in the past, and will most likely keep doing so in the future. They maintain a list of known virus file signatures, and then they also perform a heuristic analysis on many files that don't match such signatures - and that heuristic scanner tends to see certain patterns in DCS-related files that are also seen in some viruses. And an AV would rather flag a false positive than miss an actual virus.

I've never, ever heard of DCS itself shipping a virus, and the easiest solution is to add an exception in your AV to the entire DCS installation folder; by default, that's:

C:\Program Files\Eagle Dynamics\DCS World
or
C:\Program Files\Eagle Dynamics\DCS World OpenBeta

You could also un-quarantine the file in question and upload it to VirusTotal to have it scanned with a multitude of AV engines. If more than 2 or 3 engines flag the file, it might warrant further investigation.

TPrince (Author)
Posted June 8, 2023

TYVM. I will do exactly that. First time it has ever happened with DCS for me.

LCL_Babar_fr
Posted June 8, 2023

BitDefender provides the same flag, and the antivirus blocks some weird website. Before trusting everything I will wait for a new patch and/or a DCS communication, just in case their update system has been hacked.

stelr
Posted June 8, 2023

Just downloaded the update and had a similar message from BitDefender but with a different file. Mine said:

"The file C:\Program Files\Eagle Dynamics\DCS World OpenBeta\CoreMods\aircraft\Mirage-F1\bin\MirageF1Core.dll is infected with Gen:Variant.Tedy.380857 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."

This appears to be a Mod File (CoreMods), but I do not use mods and do not own the MirageF1.

Yurgon
Posted June 8, 2023

9 minutes ago, stelr said: "This appears to be a Mod File (CoreMods), but I do not use mods and do not own the MirageF1."

As I understand it, the folder "CoreMods" holds data for all DCS aircraft. Even though you don't own the Mirage F1, if you see one in a mission, DCS needs to have the external model, textures, flight model data and so on and so forth. And all that stuff is stored in CoreMods. If you owned the Mirage F1, you'd have additional data in "Mods\Aircraft" with all the cockpit data, input config, and so on.

Edit: And as said above, you can submit the file in question to VirusTotal and have it scanned with a multitude of Antivirus engines. The engine of your AV should obviously flag it there as well (or maybe not, since it could already have received an update and no longer sees a problem), and you can check which other engines consider the file to be harmful or suspicious.

Edited June 9, 2023 by Yurgon
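
Added example, not part of any post in this thread: a Python version of the multi-engine check suggested above, run over a constructed report shaped like a VirusTotal API v3 file report. The default threshold of 2, the placeholder engine names and the reading of a `Gen:` prefix as a generic label are assumptions; `sha256_file` produces the hash that can be searched on VirusTotal before the file itself is uploaded.

```python
import hashlib
import json

# Constructed sample in the shape of a VirusTotal API v3 file report
# (data.attributes.last_analysis_results). Engine names are placeholders.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Gen:Variant.Tedy.380857"},
  "EngineB": {"category": "malicious",  "result": "Gen:Variant.Tedy.380857"},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "harmless",   "result": null},
  "EngineE": {"category": "timeout",    "result": null},
  "EngineF": {"category": "type-unsupported", "result": null}
}}}}
""")

FLAGGED = {"malicious", "suspicious"}
VERDICT = FLAGGED | {"undetected", "harmless"}  # engines that actually scanned


def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large DLL is hashed without loading it whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(report, threshold=2):
    """Apply the thread's rule: more than `threshold` flagging engines
    means the file warrants further investigation."""
    results = report["data"]["attributes"]["last_analysis_results"]
    scanned = {e: r for e, r in results.items() if r["category"] in VERDICT}
    hits = {e: r["result"] for e, r in scanned.items() if r["category"] in FLAGGED}
    names = {n for n in hits.values() if n}
    return {
        "scanned": len(scanned),
        "flagged": len(hits),
        # Engines sharing a scanning core repeat one name; count distinct ones.
        "distinct_names": len(names),
        # Assumption: a "Gen:" prefix marks a generic/heuristic label.
        "all_generic": bool(names) and all(n.startswith("Gen:") for n in names),
        "investigate": len(hits) > threshold,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Engines that timed out or do not support the file type are left out of the scanned count, so they do not read as clean verdicts.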