F14 not authorized / antivirus / false positive

[razo+r]

Just now, Ski01 said:

Hmm - just made DCS and exception for Gridinsoft - but its still doing the same thing :{

Did you also perform a repair after adding DCS as an exception?

[Falken2]

The file file: C:\Program Files\Eagle Dynamics\DCS World\Mods\aircraft\F14\bin\F14-HeatblurCommon.dll

has been quanrantined by windows defender today

detected:Trojan:Win32/Etset!rfn

WTF ?

Started DCS and got a message like F14 will be unvailable soon because doesn't comply with ....

what shall I do ?

[razo+r]

4 minutes ago, Falken2 said:

The file file: C:\Program Files\Eagle Dynamics\DCS World\Mods\aircraft\F14\bin\F14-HeatblurCommon.dll

has been quanrantined by windows defender today

detected:Trojan:Win32/Etset!rfn

WTF ?

Started DCS and got a message like F14 will be unvailable soon because doesn't comply with ....

what shall I do ?

You should: Add DCS as an exception to your anti virus and then run a repair of DCS. That should fix it.

For more information, there are some topics about this already. Feel free to browse the F-14 subforum.

[BIGNEWY]

threads merged

[aldo]

Hi everybody... 
so is there any walkaround or i better to wait for an ED update?

[razo+r]

1 minute ago, aldo said:

Hi everybody... 
so is there any walkaround or i better to wait for an ED update?

Read some of the previous posts.

[Clawhammer]

18 minutes ago, aldo said:

so is there any walkaround or i better to wait for an ED update?

I disabled the module and wait for the next update. If you really like to fly the f14 you need to tell your Anti Virus to ignore this file/directory, but that punches a hole into your pc security. We already saw infected files in steam mods and games, so its not impossible that this accident may happen to ed as well and then there is nothing that blocks stuff going on your system.

Edited March 14 by Clawhammer

[Draken35]

3 hours ago, Ski01 said:

Hmm - just made DCS and exception for Gridinsoft - but its still doing the same thing :{

Do a DCS repair

[Rudel_chw]

2 hours ago, Clawhammer said:

you need to tell your Anti Virus to ignore this file/directory, but that punches a hole into your pc security

 

That's why I only use my PC for gaming, work is done on my Mac and I don't mix the two.

[Draken35]

6 minutes ago, Rudel_chw said:

 

That's why I only use my PC for gaming, work is done on my Mac and I don't mix the two.

Ditto... and separated VLANs... Except I do not use a Mac

Edited March 14 by Draken35

[MAXsenna]

Ditto... and separated VLANs... Except I do not use a Mac

I run everything, which potential security risk might have an impact on, in virtual machines. Daily snapshots. Been doing this for close to twenty years. Never been breached once!
Don't visit pr0n and crack sites, open strange, (obvious), emails on your computer and you'll be fine. Sigh....

Sent from my SM-A536B using Tapatalk

[MagpieOne]

I had the same issue today. Re-adding exclusions to Windows Defender and repairing the DCS build worked for me, as the C:\Program Files\Eagle Dynamics\DCS World\Mods\aircraft\F14\bin\F14-HeatblurCommon.dll file was missing.

[Rudel_chw]

3 minutes ago, MagpieOne said:

Re-adding exclusions to Windows Defender and repairing the DCS build worked for me

 

Should work for everyone, but many people still believe that just the exclusion is needed, forgetting to repair the damage that the Antivirus did.

[Schmidtfire]

18 hours ago, MAXsenna said:

Your Anti-Virus solution is messing with you and DCS. NOT ED's fault! Exclude the Eagle Dynamics/Steam core DCS folder in your Anti-Virus solution. THEN perform a full repair or a verification of the files integrity in Steam. That's it.
Not to be a dick, but a quick Google search would've solved this in minutes for you.
Cheers!

I own many games and it is not a standard procedure needing to exclude the game from the Antivirus in order to play.

Perhaps a developer can explain more in detail, but this issue most likely stems from bad practices or an unconventional approach.

I'm glad there's a workaround available, but a commercial 80(!) dollar product should not get flagged as malicious.

[MAXsenna]

2 hours ago, Clawhammer said:

I disabled the module and wait for the next update.

What next update? For DCS? You know ED/HB can't do a thing, right? It's your Anti-Virus solution that p****s you in your face, and the ones that need to update their software.

2 hours ago, Clawhammer said:

but that punches a hole into your pc security

Depends...

2 hours ago, Clawhammer said:

We already saw infected files in steam mods and games, so its not impossible that this accident may happen to ed as well and then there is nothing that blocks stuff going on your system.

This is somewhat true. Mods, obviously. One needs to do their homework. But, people not being able to Google and found out the solution instead of asking the same question others have done or the xinth time, are probably not using mods. As for ED pushing malware? Oh, Lord! The "infected" games on Steam slipped through as intended malware Steam didn't bother to vet. Don't download indie games as the first user.

Cheers!

 

[MAXsenna]

5 minutes ago, Schmidtfire said:

I own many games and it is not a standard procedure needing to exclude the game from the Antivirus in order to play.

They're probably encrypted the way ED does. 

6 minutes ago, Schmidtfire said:

Perhaps a developer can explain more in detail, but this issue most likely stems from bad practices or an unconventional approach.

I wouldn't call it exactly that. While it's the encryption to protect their IP that gets flagged.

7 minutes ago, Schmidtfire said:

I'm glad there's a workaround available, but a commercial 80(!) dollar product should not get flagged as malicious.

Depends, and ED should really start looking into digitally signing the encrypted files. It can be a biatch to setup. But once you've done it, it's easy to maintain in house, with a USD200 per year fee or so. Not sure how ED pushes the 3rd party files, and how much work it all will be for those. 

Cheers!  

[Zabuzard]

I own many games and it is not a standard procedure needing to exclude the game from the Antivirus in order to play.
Perhaps a developer can explain more in detail, but this issue most likely stems from bad practices or an unconventional approach.
I'm glad there's a workaround available, but a commercial 80(!) dollar product should not get flagged as malicious.

The main reason this is a rather uncommon sight for most games is because they delay all their updates by 2-4 weeks in order to whitelist the files explicitly at all AV software distributors. In case of bigger AAA studios they also pay them for premium and in order to speed this process up a bit.

With the files being explicitly whitelisted in the AV DBs, they can then safely be distributed to users. This process often needs to be repeated whenever the file has been changed, i.e. on every single update.

During development, also in those AAA studios, the AV triggers for the files as well, its standard practice to just locally whitelist the folders (you also gain some performance boost of that).

For some Indie games its actually not too uncommon to run into the same problem as user.

[scommander2]

I will say that the file "F14-HeatblurCommon.dll" was compiled with the code contains the identical signature in the antivirus/defender virus/trojan database.

Maybe "F14-HeatblurCommon.dll" will be updated/compiled in the future contains no antivirus/defender "possible" signature.

I think that it is the exclusive rule about because the antivirus venders can't guarantee the files get catched are 100% virus/trojan for sure, and it is relied on the user to determine the file is false-positive or positive-positive. 

Not offensive: It is very impossible to re-code/re-compile the file to meet all antivirus requirements, and it is not practice. 

Edited March 14 by scommander2

[Schmidtfire]

In the end, it is not a good look and perhaps even triggering some refunds on Steam.

Not all players know what causes the issue or if there's a workaround available. 

And I know at least two players that got so frustrated that they avoid using their HB modules. Any mention of a workaround is met by suspicion or 
"I rather play it safe than be sorry".

That said. If nothing else can be done, so be it. I have not have any issues myself and I would use the workaround if needed  

Edited March 14 by Schmidtfire

[Draken35]

I work in IT for the Health Care industry... You would be surprised on how many 3rd party software vendors "require" that their products be excluded from AVs... And those are not $80 commercial products  (mostly due to performance consideration to be fair) 

The threat environment we live in is scary, very different that it was 10 or 20 years ago. 

@MAXsenna I've been thinking on running VMs as well for some of my stuff in a 1:1 rate to add another layer but that sounds too much like work

[landstorm]

hi al

now for 2 days i have been facing this problom when i start DCS

( 

Authorization is valid for 2d 23h 59m

The following DLCs are not authorized and will be disabled:
F-14 )

cant flay the F14 any more

the only way was disable my windows defender

scaned all my PC for viruses and malware and cleaned it 100%

did any one faced this ??

 

[Zabuzard]

In the end, it is not a good look and perhaps even triggering some refunds on Steam.
Not all players know what causes the issue or if there's a workaround available. 
And I know at least two players that got so frustrated that they avoid using their HB modules. Any mention of a workaround is met by suspicion or 
"I rather play it safe than be sorry".
That said. If nothing else can be done, so be it. I have not have any issues myself and I would use the workaround if needed  

Yeah. Id wish there would be anything that can be done from our side to get rid of it.
This will keep on happening for our modules occasionally and also for other thirdparty modules.

Most of the time the AVs trigger on stuff that is more complex on the technical side. Which is why it doesnt happen that often on (coding-wise) simpler modules. For example the use of Jester, the UI, the recorders, having Special Options, the component system,... all those feature require doing things that can be AV sensitive like reading/writing files on your disk, spawning processes or talking to the internet.

We (and ED) do send our files to the AV distributors for whitelisting but the process usually finishes only like 2-3 weeks after release of the update. Which is also why these problems tend to "resolve magically" after waiting long enough and why it rarely happens for modules that don't receive many updates anymore.

[MAXsenna]

25 minutes ago, landstorm said:

did any one faced this ??

Any reason you didn't read the previous posts? The solution is right there you know. Exclude the DCS core installation folders, and Saved Games while you're at it, in your Anti-Virus solution. Perform a full repair, or a verification of files if you're on Steam. Up in sky you go. 

 

[MAXsenna]

@Draken35 I believe you. We have software that costs USD 100K per concurrent user with a 20% annual maintenance fee. We exclude all our seismic data. Imagine the scan process every time a user opens a 100GB file.

I work a lot with images for deployment, and they are the same I use in our virtual environment. I even run Deployment Toolkit and SCCM at home. You should try a VM. It's not really that much work.

Cheers!  

[Rudel_chw]

1 hour ago, landstorm said:

the only way was disable my windows defender

 

Its not the only way, a far more secure way is to just configure Defender to exclude from its action the DCS folder.