freehand Posted March 17
A little off topic but does any other module cause the same issue?
razo+r Posted March 17
11 minutes ago, freehand said: A little off topic but does any other module cause the same issue?
The F-15E used to do it some time ago, and the F-4E too.
Draken35 Posted March 17
2 hours ago, Urbi said: Mister Draker35, there is a suspicion that there is a script in the DLL that executes a command outside of the actual program and changes something. Possibly the recording of the user's IP address. This isn't the first time that the virus has been recommended to be disabled. I had previously alerted BIGNEWY to such an activity (recording of the IP address) from a DLL. Personally, I don't trust Heatblur Simulations one bit. (SUPREMA Sp. z o.o. z o.o.) That is my opinion, and I have my reasons for it. And once again, I ask that this virus annoyance be removed.
Hold on... So, now you are saying that Heatblur intentionally added a malware to their code? "There is a suspicion", you (obviously) and who else? Based on what? Concrete facts please.
SOLIDKREATE Posted March 18
AVIONICS: ASUS BTF TUF MB, INTEL i9 RAPTORLAKE 24 CORE, 48GB PATRIOT VIPER TUF 6600MHz, 16GB ASUS TUF RTX 4070ti SUPER, ASUS TUF 1000w PSU CONTROLS: LOGI X-56 RHINO HOTAS, LOGI PRO RUDDER PEDALS, LOGI G733 LIGHTSPEED MAIN BIRDS: F/A-18C, MIRAGE F1
MAXsenna Posted March 18
@SOLIDKREATE Please show us the exclusions in Defender! Not to be a dick, but it's clear to me you don't understand how these things work, and how the problems are related to your Defender settings. You still have disabled your firewall. Why would disabling your firewall prevent you from using DCS? You have disabled your realtime scanning why? You must exclude the DCS folders, then perform a repair, then it will work. It's no use turning off the firewall, and temporarily disabling Defender. It will jack the files as soon as you enable it again without the exclusions in place. If you don't know how to, or don't understand what exclusions are, please tell us. It's frustrating for us to not put this issue to rest once and for all!
Cheers!
SOLIDKREATE Posted March 18
draconus Posted March 18 (edited)
@SOLIDKREATE You've been already told - firewall has nothing to do with the problem. You need two things to do:
1. Exclude DCS installation folder from scanning. https://www.thewindowsclub.com/exclude-a-folder-from-windows-security-scan
2. Run DCS repair. https://www.digitalcombatsimulator.com/en/support/faq/repair/#3340875
Edited March 18 by draconus
Win10 i7-10700KF 32GB RTX4070S Quest 3 T16000M VPC CDT-VMAX TFRP FC3 F-14A/B F-15E CA SC NTTR PG Syria
ED Team BIGNEWY Posted March 18
13 hours ago, Urbi said: Mister Draker35, there is a suspicion that there is a script in the DLL that executes a command outside of the actual program and changes something. Possibly the recording of the user's IP address. This isn't the first time that the virus has been recommended to be disabled. I had previously alerted BIGNEWY to such an activity (recording of the IP address) from a DLL. Personally, I don't trust Heatblur Simulations one bit. (SUPREMA Sp. z o.o. z o.o.) That is my opinion, and I have my reasons for it. And once again, I ask that this virus annoyance be removed.
Please pay attention, the antivirus is reporting a false positive, there is no threat. If you do not want to exclude the DCS folder from your scans no problem, security is a personal choice. You can submit the files to your antivirus provider for checking and wait for them to whitelist it. Making false accusations doesn't help anyone, so please consider what you are saying carefully and read our forum rules.
Thank you.
Threads merged.
Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status
Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, PIMAX Crystal
ED Team BIGNEWY Posted March 18
4 minutes ago, jymp said: Why not just release an update to fix this?
It's not something we can fix, the antivirus is reporting a false positive on the files. There is nothing wrong with the files themselves.
draconus Posted March 18
5 minutes ago, jymp said: Why not just release an update to fix this?
AV companies could fix this by not calling false positives in their software - but that's not a good solution. ED/HB can make an update but then they have to send the new files for whitelisting to the AV companies and you'll have another 2-4 weeks of waiting time until the files get the green light. That's bad too. So how about realising it's a false positive and move on?
jymp Posted March 18
3 minutes ago, draconus said: AV companies could fix this by not calling false positives in their software - but that's not a good solution. ED/HB can make an update but then they have to send the new files for whitelisting to the AV companies and you'll have another 2-4 weeks of waiting time until the files get the green light. That's bad too. So how about realising it's a false positive and move on?
Whatever works
SOLIDKREATE Posted March 18
1 hour ago, draconus said: @SOLIDKREATE You've been already told - firewall has nothing to do with the problem. You need two things to do: 1. Exclude DCS installation folder from scanning. https://www.thewindowsclub.com/exclude-a-folder-from-windows-security-scan 2. Run DCS repair. https://www.digitalcombatsimulator.com/en/support/faq/repair/#3340875
I don't need to anymore. Mine works now.
scommander2 Posted March 18 (edited)
I am used to report the filename (false-positive) that gets captured by AV, and its signatures back to the AV vendor so that the AV vendor will add the filename into a whitelist to avoid for the next AV database up. However, I can only do my AV vendor only.
Edited March 18 by scommander2
Dell XPS 9730, i9-13900H, DDR5 64GB, Discrete GPU: NVIDIA GeForce RTX 4080, 1+2TB M.2 SSD | Thrustmaster Warthog HOTAS + TPR | TKIR5/TrackClipPro | Total Controls Multi-Function Button Box | Win 11 Pro
MAXsenna Posted March 18
"I don't need to anymore. Mine works now."
Are you sure? You have made exclusions, performed a full repair, turned Anti-Virus scanning on again, and turned on your Firewall?
Cheers!
Sent from my SM-A536B using Tapatalk
cj43g3r Posted March 19
Ran into this issue and just wanted to provide additional information so each can make a better informed decision/risk assessment.

<DCSWorld>\Mods\aircraft\F14\bin\F14-HeatblurCommon.dll
https://www.virustotal.com/gui/file/ea7acd71512534ec48808cd0e88047c869e4204b7d4a1c53ec19ba3d82564cb3/detection

<DCSWorld>\Mods\aircraft\F-4E\bin\HeatblurJester.dll
https://www.virustotal.com/gui/file/8c92a01f221c39be9aa16f386ceb940d8a9b50224545b0251a90f07b5d070a26/detection

On the VirusTotal website, select the behavior tab and select the "full report" to see a report of the file's behavior.

F14-HeatblurCommon.dll is categorized as a Win32 VMProtect etset trojan
HeatblurJester.dll is categorized as a Win32 VMProtect trojan
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/VMProtect&ThreatID=2147725485
It is purely based on usage of VMProtect https://vmpsoft.com/

VMProtect is a Russian-made security envelope and file compressor utility that makes reverse engineering of protected software quite difficult. But its usage is also abused by trojans so it will trigger false alarms as well as legitimate detections.

Neither file is digitally signed. Digital signatures on the files would help authenticate that the files originated from Heatblur and remain untampered through distribution. Let's Encrypt (https://letsencrypt.org/) can provide free certificates for signing.

You can submit the files to your antivirus provider for disassembly/analysis and wait for a response. Large corporations do run product releases against major AV vendors. Likewise AV vendors also run their scanners against the most common major products. But this is a very huge task with a long list of products. Exclusions are provided as a workaround because there is no way to absolutely prevent false positives with the sheer number of users and the file permutations that are possible.

If you do add exclusions, individual file exclusions are preferable for least additional exposure.

@MAXsenna and @Draken35 VMs were considered safe barriers against malware around 15 years ago but should not be considered as such today. Although relatively still few, there is malware that can escape from a VM. You can use VMs as an additional layer of protection but regular backups/clones are the only solution. I use a dedicated gaming PC under a standard user account that is separate from other PCs to minimize the risk.

@MAXsenna Urbi is correct where adding an exclusion to the dll file allows it to be run under the context of the current logon user and access to that user's resources.

@Urbi No need to delete the F-14 DLC since F14-HeatblurCommon.dll has been quarantined. The file has been moved and isolated.
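The following is an added example, not part of cj43g3r's post and not Eagle Dynamics or Heatblur tooling: PowerShell that checks each flagged DLL against the hash in the post's VirusTotal link, reports its Authenticode status, and adds a per-file Defender exclusion only when the hash matches. It assumes the 64-hex identifiers in those URLs are the files' SHA-256 digests; `$DcsRoot` is an assumed install path and `Test-FlaggedDll` is a hypothetical helper name.

```powershell
# Added example. $DcsRoot is an ASSUMED install location; change it to your own.
$DcsRoot = 'C:\Program Files\Eagle Dynamics\DCS World'

# Relative paths and hashes as posted in the thread (hash = id in the VirusTotal URL,
# assumed to be SHA-256).
$Expected = @{
    'Mods\aircraft\F14\bin\F14-HeatblurCommon.dll' = 'ea7acd71512534ec48808cd0e88047c869e4204b7d4a1c53ec19ba3d82564cb3'
    'Mods\aircraft\F-4E\bin\HeatblurJester.dll'    = '8c92a01f221c39be9aa16f386ceb940d8a9b50224545b0251a90f07b5d070a26'
}

function Test-FlaggedDll {   # hypothetical helper, not a built-in cmdlet
    param([string]$Path, [string]$Sha256)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Quarantined or not installed: nothing to hash until a repair restores it.
        return [pscustomobject]@{ Path = $Path; Present = $false; HashMatches = $false; Signature = 'n/a' }
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        HashMatches = ($hash -eq $Sha256)   # string -eq is case-insensitive
        Signature   = $sig.Status           # the post reports the files as unsigned
    }
}

$results = foreach ($rel in $Expected.Keys) {
    Test-FlaggedDll -Path (Join-Path $DcsRoot $rel) -Sha256 $Expected[$rel]
}
$results | Format-Table -AutoSize

# Per-file exclusions only, and only for files identical to the ones in the linked
# reports. Needs an elevated prompt. Defender exclusions are path-based, so the hash
# check holds only at the moment it is run.
$current = @((Get-MpPreference).ExclusionPath)
foreach ($r in $results | Where-Object HashMatches) {
    if ($current -notcontains $r.Path) {
        Add-MpPreference -ExclusionPath $r.Path
    }
}
(Get-MpPreference).ExclusionPath   # review what is excluded now
```

A mismatch after a DCS update or repair means the file is no longer the one in the linked reports, so the script leaves it unexcluded.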
SOLIDKREATE Posted March 19
14 hours ago, MAXsenna said: Are you sure? You have made exclusions, performed a full repair, turned Anti-Virus scanning on again, and turned on your Firewall? Cheers!
Yes Sir =o). No warnings at all.
MAXsenna Posted March 19
"Yes Sir =o). No warnings at all."
Fantastico!
nighthawk06 Posted March 19
After noticing my F-14 had disappeared a few weeks ago (including icon) I followed the trail to Windows Defender which for some reason has quarantined it as a "severe threat". Is this a Defender problem or an F-14 problem? Any advice appreciated.
razo+r Posted March 19
9 minutes ago, nighthawk06 said: After noticing my F-14 had disappeared a few weeks ago (including icon) I followed the trail to Windows Defender which for some reason has quarantined it as a "severe threat". Is this a Defender problem or an F-14 problem? Any advice appreciated.
It's more just a false positive than an actual problem. It's just being overcareful, leaving the final decision to you.
Hiob Posted March 19
20 minutes ago, nighthawk06 said: After noticing my F-14 had disappeared a few weeks ago (including icon) I followed the trail to Windows Defender which for some reason has quarantined it as a "severe threat". Is this a Defender problem or an F-14 problem? Any advice appreciated.
It's a Defender problem. And more generally speaking an AV problem per se. False positives.
"Do I really have to push the hose plug into the hose groove every time I vacuum or vacuum-blow?"
Tophatter14 Posted March 20
If you set up a symbolic junction to another drive just for updates as linked below (due to drive size limits), don't forget to add that downloads folder to your Windows Security scan exclusion list.
Raffi75 Posted March 20
On 3/15/2025 at 10:07 AM, Archangel44 said: Doing it now. I just found the other 4 page thread and read through it. Update... That fixed it. Exclude the DCS folder in Windows Defender and then did a DCS repair. Thank you
It's not a feat that I have to fix something on my own because of a defective product. The library (.dll in the bin folder) should be fixed by the publisher. I paid for the product and I would like to be able to use it fully.
sleighzy Posted March 20
28 minutes ago, Raffi75 said: It's not a feat that I have to fix something on my own because of a defective product. The library (.dll in the bin folder) should be fixed by the publisher. I paid for the product and I would like to be able to use it fully.
It's not something they can fix like that. As per the official statement on the Heatblur Discord (the makers of this module) anti-virus software can incorrectly flag things as a false positive. This is not a defect in the product and has happened for other modules in the past.
AMD 7800x3D, 4080Super, 64Gb DDR5 RAM, 4Tb NVMe M.2, Quest 2