Posted
If you set up a symbolic junction to another drive just for updates as linked below (due to drive size limits), don't forget to add that downloads folder to your Windows Security scan exclusion list.
 
 
Great tip!

Posted

Hello, I had the same problem and I submitted a ticket to DCS, and they replied that it is a Defender problem (false positive). So I suggest you tell Defender that the F14-HeatblurCommon.dll is a reliable file and is not affected by a virus. If I remember well, Defender put F14-HeatblurCommon.dll in quarantine, and all you have to do is remove the file from the quarantine and all will be OK.

  • Like 1
Posted
On 3/18/2025 at 11:44 AM, draconus said:

AV companies could fix this by not calling false positives in their software - but that's not a good solution.

ED/HB can make an update but then they have to send the new files for whitelisting to the AV companies and you'll have another 2-4 weeks of waiting time until the files get the green light. That's bad too.

So how about realising it's a false positive and moving on?

Because there is a reason these things trigger AV... It's not like AVs generate random lists of things to strike.

Handwaving it and telling us to effectively disable the AV is not only incredibly lazy, it's also making IT security guys' palms sweat. Don't do that. It's bad advice.

  • Like 2

http://www.csg-2.net/ | i7 7700k - NVIDIA 1080 - 32GB RAM | BKR!

Posted (edited)
8 minutes ago, Slant said:

Because there is a reason these things trigger AV...

Agree.

8 minutes ago, Slant said:

It's not like AVs generate random lists of things to strike.

But there is no way to prevent a generated DLL file from having a false-positive virus signature.

PS: As a developer, I do not think that I run AV scans on files after I compile binary code, *.so and *.dll, because I know that I do not create viruses/trojans.

Edited by scommander2

Dell XPS 9730, i9-13900H, DDR5 64GB, Discrete GPU: NVIDIA GeForce RTX 4080, 1+2TB M.2 SSD | Thrustmaster Warthog HOTAS + TPR | TKIR5/TrackClipPro | Total Controls Multi-Function Button Box | Win 11 Pro

 

Posted
57 minutes ago, scommander2 said:

Agree.

But there is no way to prevent a generated DLL file from having a false-positive virus signature.

PS: As a developer, I do not think that I run AV scans on files after I compile binary code, *.so and *.dll, because I know that I do not create viruses/trojans.

I agree that these things happen. But they shouldn't. And the "do this and move on" attitude is a little too casual. This isn't a new software that was pushed out recently. I can't contact the guys working the Windows Defender blacklists, so this needs to be done by ED/HB. I will whitelist this thing for now, but dismissing the problem like some people here do is not the solution.

  • Like 1


Posted
6 minutes ago, Slant said:

I agree that these things happen. But they shouldn't. And the "do this and move on" attitude is a little too casual. This isn't a new software that was pushed out recently. I can't contact the guys working the Windows Defender blacklists, so this needs to be done by ED/HB. I will whitelist this thing for now, but dismissing the problem like some people here do is not the solution.

And what is the solution? The devs have already spoken. You want to hold all the updates for 2-3 weeks?

I am an IT guy and I don't let my users turn off AV software or make exclusions. I do that myself when false positives happen and they do happen. I also don't let my users install games on company owned PCs.

Here's a free choice for everyone. Either play now and take a "risk" or wait a few weeks. I choose to trust ED/HB in this case. What you do is not my business.

  • Like 1

🖥️ Win10  i7-10700KF  32GB  RTX4070S   🥽 Quest 3   🕹️ T16000M  VPC CDT-VMAX  TFRP   ✈️ FC3  F-14A/B  F-15E   ⚙️ CA   🚢 SC   🌐 NTTR  PG  Syria

Posted (edited)
12 hours ago, Raffi75 said:

It's not a feat that I have to fix something on my own because of a defective product. The library (.dll in the bin folder) should be fixed by the publisher. I paid for the product and I would like to be able to use it fully.

Sorry, but ED and 3rd parties can't rewrite their software every time the antivirus companies decide to add something else to their "suspicious" list. That file didn't change and probably hasn't changed in literal years. The antivirus programs are not only looking for "viruses" and "malware" but are also checking for things that look "suspicious" -- so the same as the unmarked van that an Amazon delivery guy pulls up to your house in could cause a security company to be concerned because it looks like what a robbery crew might drive even though it's completely safe in this case. It might be the same van that's pulled in 10 times in the last 6 months, but by coincidence a robbery crew happened to use the same colour/make of van 3 streets over to rob someone so suddenly it's an issue. Not Amazon's fault. Do you want them to change from white Ford vans to red Toyota vans every time this happens?

Edited by rob10
  • Like 1
Posted
17 minutes ago, Slant said:

But they shouldn't.

Agree, there shouldn't be hackers creating viruses or altruistic Ethiopian "princes" who want to share their wealth but, sadly, they do exist.

28 minutes ago, Slant said:

This isn't a new software that was pushed out recently

But it is! Every single new update or patch is, in fact, new software from an AV perspective. Consider as well that, between DCS updates, there are several millions of new malware pieces identified.

At the moment, and in the foreseeable future, there are only 2 options when these false positives appear (and they will):


1) Add an exclusion to the AV.

2) Wait until the AV vendor whitelists the files submitted by ED/3rd party. Of course, this will take time... Can you imagine how long it takes to process all those whitelist requests?

Which one to choose is up to each of us, and so is how to mitigate the risks associated with option 1).

 

  • Like 2
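
The practical question for option 1 is how narrow the exclusion is. As an added example (not part of any post in this thread, and not ED's or Heatblur's tooling), the PowerShell below checks the flagged file's Authenticode signature, records its SHA-256 for a false-positive submission, and excludes only that one file rather than the whole install folder. The function name, the path parameter and the rule of refusing files without a valid signature are assumptions of this example; the thread does not say whether the DLL is signed.

```powershell
#Requires -RunAsAdministrator
# Added example. Run in an elevated session after the file has been restored
# from quarantine. Pass the full path of the flagged file on your own system.

function Add-ScopedDefenderExclusion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # full path to the flagged file, e.g. F14-HeatblurCommon.dll
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    if ($file.PSIsContainer) {
        throw "Refusing to exclude a folder: '$Path'. Pass a single file."
    }

    # 'Valid' means the file is signed and the chain validates on this machine.
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    # Hash to quote in a false-positive submission and to re-check after updates.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    $report = [pscustomobject]@{
        File            = $file.FullName
        SHA256          = $hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Excluded        = $false
    }

    # Assumed policy for this example: no valid signature, no exclusion.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)'; not adding an exclusion."
        return $report
    }

    # Add the single-file exclusion only if it is not already present.
    $existing = @((Get-MpPreference).ExclusionPath)
    if ($existing -notcontains $file.FullName) {
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Add Defender file exclusion')) {
            Add-MpPreference -ExclusionPath $file.FullName
            $report.Excluded = $true
        }
    } else {
        $report.Excluded = $true
    }
    return $report
}
```

A path exclusion matches by location, not content, so a file later written to the same path is also skipped; compare the SHA-256 again after each update. `Remove-MpPreference -ExclusionPath` with the same path removes the exclusion once the vendor's whitelisting has landed.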
Posted
I can't contact the guys working the Windows Defender blacklists
You actually can, and the more users sending these in, the faster they will be whitelisted. 
altruistic Ethiopian "princes" who want to share their wealth 
What? I only get hit on by single moms with unhealthy parents. Dude, what's your secret? 

Posted (edited)
On 3/18/2025 at 7:34 AM, jymp said:

Why not just release an update to fix this?

 

Sure, write to your AV support and request them to update their crapware.

Edited by Rudel_chw
  • Like 1

 

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra

For Gaming: 34" Monitor - Ryzen 3600 - 32 GB DDR4 2400 - nVidia RTX2080 - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar

Mobile: iPad Pro 12.9" of 256 GB

Posted
1 hour ago, draconus said:

I choose to trust ED/HB in this case. What you do is not my business.

 

+1 ... I do the same 👍

  • Like 1

 


Posted (edited)
13 hours ago, Raffi75 said:

It's not a feat that I have to fix something on my own because of a defective product. The library (.dll in the bin folder) should be fixed by the publisher. I paid for the product and I would like to be able to use it fully.

Are you talking to me? If not, then don’t quote my posts or use them as a springboard to enter the conversation.

I was having a conversation with AdrianL.

Please don’t preach to me while interrupting, not a good form. Makes one look immature or full blown ADD. You would do well to listen twice as much as you speak.

Thank you.

Edited by Archangel44
  • Like 1

F-4E, F-5E-3, F-14, F-15E, F-16C, FA18-C, F-86, A-10C, Spitfire, AJS-37, KA50, MiG-19, L-39, P-51, Flaming Cliffs, All maps, WWII Assets, Combined Arms, Super Carrier.

Posted

"Resistance is futile..." 

Getting the F-14 in the air is up to the user's decision whether to add the exception rule in the meantime or not 🙂


 

Posted

Well - if this is a false positive I suggest that ED and Heatblur post this to Microsoft and not tell us paying customers to do it?


  • Like 1

Ryzen 9800X3D | RTX 5080 GPU | Gigabyte X670 Aorus Elite AX MB | 64GB 6000Mhz DDR5 | Windows 11 Pro x64 | Virpil T-50 Throttle | T50 CM2 Grip + WarBRD | VKB T-rudder MK IV | Asus PG279Q 1440p | Pimax Crystal Light VR | Samsung 980 Pro as system disk and DCS on separate Samsung 990 Pro NVME SSD

Posted

So a small Russian company develops a simulator that I like. When I download an update Microsoft's automatic Defender AV detection says this when I download an update... I have NO other application that Defender has reacted to in the last years - but it has happened 3 times with DCS. Can ED please contact Microsoft Support and explain that this is a false positive so they can update their AV definitions, instead of spreading dangerous advice of excluding AV scans for the DCS installation folder? That is not a solution - it is a bad workaround. Are the developers running on a modern and updated OS with a modern AV? That should have detected this "false" positive before posting it to their customers so Microsoft would have updated the AV definitions. What more can be in the downloads that are actual true positives if this was not flagged in the QA environments?


  • Like 1


Posted

I'm going to post a video later when I get home. This chain has become too long and it seems people have missed what I have done to fix the issue, and still be protected. I have to head out to work but I will see you all later =o)

  • Like 1

AVIONICS: ASUS BTF TUF MB, INTEL i9 RAPTORLAKE 24 CORE, 48GB PATRIOT VIPER TUF, 16GB ASUS RTX 4070ti SUPER, ASUS TUF 1000w PSU
CONTROL: LOGI X-56 RHINO HOTAS, LOGI PRO RUDDER PEDALS, LOGI G733 LIGHTSPEED
MAIN BIRDS: AJS37, MB339A, MIRAGE F1, Su-25A

Posted
9 hours ago, Gibo said:

Hello, I had the same problem and I submitted a ticket to DCS, and they replied that it is a Defender problem (false positive). So I suggest you tell Defender that the F14-HeatblurCommon.dll is a reliable file and is not affected by a virus. If I remember well, Defender put F14-HeatblurCommon.dll in quarantine, and all you have to do is remove the file from the quarantine and all will be OK.

Thanks for that.

Posted
1 hour ago, mazex said:

Well - if this is a false positive I suggest that ED and Heatblur post this to Microsoft and not tell us paying customers to do it?


They could but these things take weeks to clear once submitted so each patch would be delayed. Your AV is painting a very black and white picture - the programme is only potentially dangerous because the AV cannot read it. Potholes in the road are also potentially dangerous and I have to report those, not the maker of my car

  • Like 1

Windows 11 Home ¦ Z790 AORUS Elite AX motherboard ¦ i7-13700K ¦ 64GB Corsair Vengeance DDR5 memory @ 5600MHz ¦ Samsung 990 Pro 1TB SSD for OS, Samsung 980 Pro 2TB SSD for DCS ¦ MSI GeForce RTX 4090 Gaming X Trio 24GB ¦ Virpil WarBRD base with VFX grip, Thrustmaster A10c and F/A-18 grips ¦ VKB Gunfighter Mk4 and MCG Pro ¦ Thrustmaster Warthog Throttle ¦ VKB STECS Throttle ¦ Virpil TCS rotor base with Shark and AH-64D  grips ¦ MFG Crosswinds ¦ Total Controls Multi-Function Button Box ¦ Pimax Crystal

Posted
26 minutes ago, hornblower793 said:

They could but these things take weeks to clear once submitted so each patch would be delayed. Your AV is painting a very black and white picture - the programme is only potentially dangerous because the AV cannot read it. Potholes in the road are also potentially dangerous and I have to report those, not the maker of my car

Let's assume I work with advanced software CI/CD questions at a much larger company than ED. This problem should never happen as it should have been caught in the automatic tests before release. And it does not take weeks to get MS to add it, if it is a false positive. And other AV suites are complaining about it as well. I would not recommend anyone to exclude the DCS folder from AV scans. Especially with unresolved disputes with sub-contractors. So has the QA team noticed that both Defender and Avast complain that the dll is infected with "Wacatac.B!ml" and ignored that and pushed it to release as they are sure it's false? Or do they not have DAST scanners in their build environment? Microsoft Defender is the most commonly used AV suite in the potential customer group.


  • ED Team
Posted

Threads merged.

Security is a personal choice to make.

If you are not happy excluding DCS from scans you should submit the files to your AV provider.

Thank you.

  • Like 1
  • Thanks 1


Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status

Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, PIMAX Crystal

Posted
47 minutes ago, mazex said:

This problem should never happen as it should have been caught in the automatic tests before release.

In what way does that help? The files will still need to be sent to the AV vendors.

48 minutes ago, mazex said:

if it is a false positive.

They for sure are. Why would all the relevant files eventually be whitelisted?

50 minutes ago, mazex said:

I would not recommend anyone to exclude the DCS folder from AV scans.

That's your prerogative. 🤷🏼‍♂️ 

51 minutes ago, mazex said:

So has the QA team noticed that both Defender and Avast complain that the dll is infected with "Wacatac.B!ml" and ignored that and pushed it to release as they are sure it's false? Or do they not have DAST scanners in their build environment? Microsoft Defender is the most commonly used AV suite in the potential customer group.

So, you think it's up to ED to install every Anti-Virus solution there is, and test them one by one? To be honest I believe you have no clue on how this actually works, and I think you still believe there are viruses in the files.

---

It just dawned on me why we have this surge in these types of posts and complaints. We don't have OpenBeta anymore, and when we did, the files were already whitelisted when they hit Stable.

Posted
2 hours ago, mazex said:

So a small Russian company develops a simulator that I like. When I download an update Microsoft's automatic Defender AV detection says this when I download an update... I have NO other application that Defender has reacted to in the last years - but it has happened 3 times with DCS. Can ED please contact Microsoft Support and explain that this is a false positive so they can update their AV definitions, instead of spreading dangerous advice of excluding AV scans for the DCS installation folder? That is not a solution - it is a bad workaround. Are the developers running on a modern and updated OS with a modern AV? That should have detected this "false" positive before posting it to their customers so Microsoft would have updated the AV definitions. What more can be in the downloads that are actual true positives if this was not flagged in the QA environments?


This issue occurred after any patches, i.e. this dll was already on people's systems. It was only recently flagged when virus database updates came out recently. Based on that then it would not have been flagged at the time of initial development and distribution.

AMD 7800x3D, 4080Super, 64Gb DDR5 RAM, 4Tb NVMe M.2, Quest 2

Posted
4 hours ago, mazex said:

Well - if this is a false positive I suggest that ED and Heatblur post this to Microsoft and not tell us paying customers to do it?

We do this with every single update, we always contact all vendors and create whitelisting requests on each update - even before you get the update.
But it takes them around 2-4 weeks to process these requests, so sometimes you run into this.

Kindly read through the previous messages of this thread, this has been explained in detail at least 3 times already throughout the 8 pages. Cheers 👍

  • Like 3
Posted
14 minutes ago, Zabuzard said:

Kindly read through the previous messages of this thread, this has been explained in detail at least 3 times already throughout the 8 pages.

 

😄

  • Like 1

 

