Microsoft Defender says F15E is Potentially Unwanted.

[Major_Mayhem]

As much as it sound like joke considering the current drama, it's not a joke.

Windows Security is reporting 2 DLLe files in the F15 as potentially unwanted apps.

[Major_Mayhem]

At least It's a Low threat and probably a false positive.
I am not running any mods for it or even skins.
I am running a few mods for DCS for other AC and I have a couple of community made AC ... but none that have anything to do with the F15 (c or e) None of my AC Community mods require a paid mod or base AC.

And I haven't even flown the F15e once Nor have I set it up I have only downloaded it.

I wonder if this will create the same license issue that malwarebytes does.

[Havremonster]

I also got this Win32/Gamehack warning every time I start the sim, and now I got up this message: 

"Authorization is valid for 2d 23h 58m

The following DLCs are not authorized and will be 
disabled:
F-15E Suite 4+
M-2000C"

And now the F15e and M2000C are not in the sim anymore.

This is bad!

Edited June 9 by Havremonster

[draconus]

8 hours ago, Major_Mayhem said:

potentially unwanted

It says "potentially" because the software doesn't know - it's just a result of heuristic analysis.

If you trust that ED files are fine - you need to allow the file to be kept, unquarantine it, make a exception - and finally run DCS repair.

[BuLLeT.ZA]

This is nothing new, and not special to the F-15E or Razbam.

Various modules from various creators have all generated these false positives for a long time now.

Not sure what causes it.

Draconus has the solution above.

[draconus]

4 minutes ago, BuLLeT.ZA said:

Not sure what causes it.

Most AV software these days no longer rely on basic virus code signatures, since these got dynamic in nature and were made to workaround it. So the AV software uses other methods, ie. heuristic analysis - which checks the app behavior patterns. Since ED uses some packing and cryptoghaphy methods similar to those used in modern viruses/malware it triggers "potentially unwanted" alarms, thus so called "false positive" detections in their dll files. Can happen to any module and any software.

[Heesh]

Kind of weird that it only happens to be DLLs related to RAZBAM modules like the Mirage, Harrier and F15 for me. None of the other modules / DCS related DLLs ever produced such warnings on my side. Given the current situation it's at least a little bit strange!

[SkateZilla]

9 hours ago, Havremonster said:

I also got this Win32/Gamehack warning every time I start the sim, and now I got up this message: 

"Authorization is valid for 2d 23h 58m

The following DLCs are not authorized and will be 
disabled:
F-15E Suite 4+
M-2000C"

And now the F15e and M2000C are not in the sim anymore.

This is bad!

 

because your Anti-Virus quaraunteen'd the DLLs, run a repair.

Then Make the DCS Folder (*technically any game drive*) should be except from Realtime protection.

otherwise DCS is bottlenecked by AV software scanning every file as it's being accessed.

[draconus]

15 minutes ago, Heesh said:

Kind of weird that it only happens to be DLLs related to RAZBAM

Not true.

[Heesh]

23 minutes ago, draconus said:

Not true.

Yeah as I said:

39 minutes ago, Heesh said:

[..] on my side.

Even in the thread you linked most people have issues with RAZBAM DLLs and only one person states that more than RAZBAM DLLs are affected on his end. So it's a coincidence none the less as I said before.

*edit: I am not scared by the alerts and thinking that those are false positives indeed. Adding the whole DCS folder as an exclusion makes sense I guess especially performance wise.

Edited June 10 by Heesh

[Psychotoddler]

Just happened to me too, just the F15e.  I had windows remove the files, and now I can't seem to get into the cockpit of the f15.  the F4 is running fine, though.

[MAXsenna]

Just happened to me too, just the F15e.  I had windows remove the files, and now I can't seem to get into the cockpit of the f15.  the F4 is running fine, though.

It's probably due to the Razbam modules not getting updates for a while, and now did in the latest patch.

Sent from my SM-A536B using Tapatalk

[Ophois47]

I'm also experiencing this. Extremely disappointing. 

[MAXsenna]

I'm also experiencing this. Extremely disappointing. 

In what way?

Sent from my SM-A536B using Tapatalk

[zetikka]

Same problem here, started two days ago on the F-15E module (Windows 11). DLLs quarantined and, of course, SE module is now non-operational as a result.

A friend got the same prompt on Sunday (Windows 10), but in his case on both F-15E and AV-8B modules.

Fun thing is that I have AV-8B module as well, but no Defender warning on it. Go figure out... 

I am buying the false positive hypothesis if ED confirms it - after all these are modules they sell and distribute updates for, if they create conflicts with host OS they should come forward and confirm (or not) this is benign. 

[BJ55]

On 6/10/2024 at 10:23 AM, Heesh said:

only one person states that more than RAZBAM DLLs are affected on his end

Indeed.. I'm not the only one.

 

[strikeeagle]

On 6/10/2024 at 2:03 AM, BuLLeT.ZA said:

This is nothing new, and not special to the F-15E or Razbam.

Various modules from various creators have all generated these false positives for a long time now.

Not sure what causes it.

Draconus has the solution above.

 

Had it for the F-14 using Webroot.

[pii]

On 6/9/2024 at 5:39 PM, Major_Mayhem said:

As much as it sound like joke considering the current drama, it's not a joke.

Windows Security is reporting 2 DLLe files in the F15 as potentially unwanted apps.

I get lots of Antivirus hits on lots of DCS stuff

[Rudel_chw]

1 hour ago, pii said:

I get lots of Antivirus hits on lots of DCS stuff

 

I get none ... guess the AV exclusion does work  

[pii]

2 hours ago, Rudel_chw said:

 

I get none ... guess the AV exclusion does work  

until the next time

[pii]

On 6/10/2024 at 3:54 AM, SkateZilla said:

because your Anti-Virus quaraunteen'd the DLLs, run a repair.

Then Make the DCS Folder (*technically any game drive*) should be except from Realtime protection.

otherwise DCS is bottlenecked by AV software scanning every file as it's being accessed.

Last night, my F15 stopped working, so I checked AV and restored the files, but it still won't work says it has been disabled' guess its time for a repair.

 

On a side note, I heard the radar issue was caused by a programmer who installed a bomb if he wasn't paid. Maybe this is also part of his plan. Hope not!

[SkateZilla]

2 minutes ago, pii said:

Last night, my F15 stopped working, so I checked AV and restored the files, but it still won't work says it has been disabled' guess its time for a repair.

 

On a side note, I heard the radar issue was caused by a programmer who installed a bomb if he wasn't paid. Maybe this is also part of his plan. Hope not!

The radar disabling code was fixed in the last patch and unrelated,

if your DCS Folder isnt excempt from RealTimeScan/Protection, your AV will continue to put DLLs in quarantine or delete them.

[pii]

1 hour ago, SkateZilla said:

The radar disabling code was fixed in the last patch and unrelated,

if your DCS Folder isnt excempt from RealTimeScan/Protection, your AV will continue to put DLLs in quarantine or delete them.

But how do you know they are unrelated? If he planted bombs to screw up the radar, he could have added many more to go off. Who knows when?

 

As for the AV hits on the F15, they have not been flagged or quarantined since, but it's still not working—it's time for a repair. Oh, I also use MacAfees, and I can't find how to exclude files or folders. Anyone?

[SkateZilla]

17 minutes ago, pii said:

But how do you know they are unrelated? If he planted bombs to screw up the radar, he could have added many more to go off. Who knows when?

 

As for the AV hits on the F15, they have not been flagged or quarantined since, but it's still not working—it's time for a repair. Oh, I also use MacAfees, and I can't find how to exclude files or folders. Anyone?

The lines to disable the radar are standard environment.system time request lines (getSystemTimeAsFileTime), nothing a AV would flag.

if the file was deleted by the AV previously, it wouldn't flag after, if the file was "Patched" by the AV it wouldnt flag, nor load the library when DCS Launches.

Attach your DCS.Log,

But I can almost garauntee your AV Suite nuked the file or tried to patch it, in which case it fails the DRM check and isnt loaded by DCS which causes modules not to load.

Edited July 14 by SkateZilla

[rob10]

1 hour ago, pii said:

But how do you know they are unrelated? If he planted bombs to screw up the radar, he could have added many more to go off. Who knows when?

Primarily because he publicly admitted he had put that in (and that it was aimed at Razbam, not ED) and had told Razbam at the time when he inserted it.  Why would he admit that if he had other stuff in there?

Secondarily, certain AV's (McAfee being one of the leading offenders, ESET and Kapersky being right up there with it) have regularly had hissy fits with DCS files and quarantined them as long as I've been around here (> 10 year).  So it's more unusual that you haven't had a problem like this before with McAfee than the fact that it's quarantining a file around the same time as a radar issue in the F-15.

Edited July 14 by rob10