Glowingheat Posted July 22, 2024 Posted July 22, 2024 Since the latest small patch released today, Malwarebytes is reporting: C:\users\mypc\desktop\dcs.exe - shortcut.ink Malware.Ransom.Agent.Generic HKLM\Software\Microsoft\windows nt\currentversion\image file execution options\DCS.exe Quarantined due to Ransomware characteristics Can anyone confirm how to bypass and indeed should I bypass this message.......?!
Glowingheat Posted July 22, 2024 Author Posted July 22, 2024 Just to add that this only appears to affect the MT DCS.EXE - the single thread DCS opens just fine. Would appreciate some advice. Aside from excluding the entire DCS folder from malwarebytes.
jeffdude Posted July 22, 2024 Posted July 22, 2024 would love to hear an official response, just had a few squad members report the same! [sIGPIC][/sIGPIC]
intruder11 Posted July 23, 2024 Posted July 23, 2024 This is really common with third party antivirus. DCS uses anti-piracy/anti-cheat measures which encrypt many of the game files until the game loads. The antivirus program sees an EXE it doesn't recognize that is doing encryption/decryption, and assumes it's malware rather than a new patch for a niche computer game.
Seaside Posted July 23, 2024 Posted July 23, 2024 I'm Getting same with Malwarebytes. I assume the download is safe ?
Glowingheat Posted July 23, 2024 Author Posted July 23, 2024 Malwarebytes never used to quarantine the DCS.exe or DCS-MT.exe files until the most recent hot patch yesterday.
Lange_666 Posted July 23, 2024 Posted July 23, 2024 If you do a little search here on the forum about AV scans and reporting viruses after a new update in DCS you would find lots of threads about it all telling the same thing: It are false positives !!! Just exclude the entire DCS folder and the Saved Games DCS folder in your AV scans and forget about it... 1 Win11 Pro 64-bit, Ryzen 5800X3D, Corsair H115i, Gigabyte X570S UD, EVGA 3080Ti XC3 Ultra 12GB, 64 GB DDR4 G.Skill 3600. Monitors: LG 27GL850-B27 2560x1440 + Samsung SyncMaster 2443 1920x1200, HOTAS: Warthog with Virpil WarBRD base, MFG Crosswind pedals, TrackIR4, Rift-S, Elgato Streamdeck XL. Personal Wish List: A6 Intruder, Vietnam theater, decent ATC module, better VR performance!
silverdevil Posted July 24, 2024 Posted July 24, 2024 On 7/22/2024 at 3:18 PM, Glowingheat said: Since the latest small patch released today, Malwarebytes is reporting: C:\users\mypc\desktop\dcs.exe - shortcut.ink Malware.Ransom.Agent.Generic HKLM\Software\Microsoft\windows nt\currentversion\image file execution options\DCS.exe Quarantined due to Ransomware characteristics Can anyone confirm how to bypass and indeed should I bypass this message.......?! On 7/21/2024 at 3:37 PM, silverdevil said: https://forum.dcs.world/tags/antivirus/ hello. click this link for a filtering of posts. 1 AKA_SilverDevil Join AKA Wardogs Email Address My YouTube “The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.
MAXsenna Posted July 24, 2024 Posted July 24, 2024 hello. click this link for a filtering of posts.I see you putting it to good use already! Sent from my SM-A536B using Tapatalk 1
intruder11 Posted July 25, 2024 Posted July 25, 2024 Other games don't get detected because they're either 1) way more popular or 2) use an off-the-shelf anti-piracy/anti-cheat system like EAC, Steam, Battleye, Vanguard, Denuvo, EA's in house thing, etc. Every new DCS patch changes the files enough that any previous whitelisting doesn't apply. As posted above, this is a _very_ common issue, your anecdotal experience is not the whole community's.
silverdevil Posted July 25, 2024 Posted July 25, 2024 12 hours ago, MAXsenna said: I see you putting it to good use already! yes max! 1 AKA_SilverDevil Join AKA Wardogs Email Address My YouTube “The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.
Recommended Posts