tver.56s Posted June 23 Posted June 23 8 часов назад, BIGNEWY сказал: Even if we submit files to all the different AV providers they would not keep up with our update cycle. Being a community manager, please, do your job: deliver the feedback of the community to the developers and let responsible experts decide how to solve the issue and improve delivery process. 8 часов назад, BIGNEWY сказал: The files are safe, it is a false positive, it happens a lot due to the way the files are protected. Still this is a major problem and it has nothing about trust to ED. There are number of situations when antivirus policy couldn't be changed on a host machine. And under no circumstances disabling antivirus on a user host machine should be considered as a solution. Especially for app like dcs running frameworks like moose. That is a way to unblock a variety of attacks both on server and its client machines. 2
Clawhammer Posted June 23 Posted June 23 (edited) 9 hours ago, SteelPig said: The software not working as intended is the Windows-Defender. Cause that's the one triggering the false positive. So if you search for a tree to bark on, call Redmond. I would agree if we would talk about normal game files, but their file encryption is nothing usual. I dont know any another game that caused so many av detections. 1 hour ago, tver.56s said: And under no circumstances disabling antivirus on a user host machine should be considered as a solution. Most people running the dcs dedicated server stuff, run this stuff on root server reachable from the internet. It is indeed not a great idea to do that. Edited June 23 by Clawhammer 1
DragonSoulkin Posted June 23 Posted June 23 15 hours ago, BIGNEWY said: it happens a lot due to the way the files are protected. This is literally the ONLY game out of well over a hundred that I've played on PC that this has EVER happened. 2
PSYKOnz Posted June 23 Posted June 23 39 minutes ago, DragonSoulkin said: This is literally the ONLY game out of well over a hundred that I've played on PC that this has EVER happened. Yes, this, i only play about 20 games with regularity and i run servers for about 7 of them, dcs is the only game that has this issue I would also add that part of teaching basic internet security is "Dont trust anyone or anything that asks you to disable your AV or Firewall" we know that these are false positives and the files are 100% safe, but thats not the point, dont tell people on mass that they should disable security features, make sure your files are good before release And as a really good perk of doing that you dont get a thread like this 2 Tomcat, Tomcat über allen
SteelPig Posted June 24 Posted June 24 11 hours ago, Clawhammer said: I would agree if we would talk about normal game files, but their file encryption is nothing usual. I dont know any another game that caused so many av detections. If there is one game or 1000 with this problem doesn't matter. The Windows Defender has the false positive, that thing is build by Microsoft. So yelling at ED is just choosing the easier target. 2
silverdevil Posted June 24 Posted June 24 6 hours ago, SteelPig said: If there is one game or 1000 with this problem doesn't matter. The Windows Defender has the false positive, that thing is build by Microsoft. So yelling at ED is just choosing the easier target. agreed. if just some of these users complaining in the forums took action to report the false positives, the AV companies will check the submissions further. what most people do not understand is DCS is quite different that "all other games" in that, ED has a base game that is free with umpteen modules and maps for purchase. all of these available for purchase items have to be encrypted to keep them safe from pirates. quite frankly, and an unfortunate fact, there a many thieves in the world taking advantage. here is a scenario to consider. a legitimate software developer has one of their DLLs hacked and the original is replaced with an unsavory version. yes it has happened. these DLLs are also intellectual property. no one wants their blood, sweat, tears efforts stolen. no one. if you cannot trust ED, then you should leave the rest of us (and ED), that do, alone. i personally do trust them and will continue. 2 AKA_SilverDevil Join AKA Wardogs Email Address My YouTube “The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.
Actium Posted June 24 Posted June 24 (edited) I do understand both sides of the argument. Hardcore DCS fans like yourselves certainly don't mind bypassing well-established security measures. However, more casual players may be easily scared off by that necessity. DCS does not have a large player base. Haphazardly scaring potentially new customers away with malware warnings appears potentially harmful from a business perspective. 10 hours ago, SteelPig said: The Windows Defender has the false positive, that thing is build by Microsoft. So yelling at ED is just choosing the easier target. It is not quite that simple. With encrypted and/or obfuscated binaries, malware detection engines will have a hard time analyzing the trustworthiness of a previously unknown file. There's nothing the AV vendors can do without a sample of these suspect binaries. 4 hours ago, silverdevil said: if just some of these users complaining in the forums took action to report the false positives, the AV companies will check the submissions further. That would amount to fighting the symptoms and not the cause. ED are in a unique position to submit these files to AV vendors prior to release. Consider the files that initially got flagged by Microsoft Defender, but that now pass all major AV solutions: WorldGeneral.dll, Flight.dll, Scripting.dll, and edterrain4.dll. I'd assume (just spitballing) those AV programs first came into contact with the files after the release (at least as far as virustotal is concerned; check the details tab). Had these files been uploaded sooner, the false positives could possibly have been sorted out before affecting players. Virustotal shares the uploaded samples with AV vendors. Files can be uploaded for free and automatically through their API. That would imply minimal effort for ED for a chance to resolve this issue. IMHO, it's worth a shot. I also noticed that the DLLs are not code-signed. I develop software on Linux, not Windows, so I'm just spitballing again: Signing the DCS binaries with a Microsoft-issued certificate may improve the rating given by AV engines to these encrypted/obfuscated binaries. @BIGNEWY That could be another measure to suggest to your team to improve user-experience and avoid such unpleasant false positives or even suggesting to exclude DCS from malware scans altogether. 4 hours ago, silverdevil said: if you cannot trust ED, then you should leave the rest of us (and ED), that do, alone. i personally do trust them and will continue. It's not just about trusting ED. Supply chain attacks are a serious IT security concern. Edited June 24 by Actium 1
ED Team BIGNEWY Posted June 24 ED Team Posted June 24 5 minutes ago, Actium said: @BIGNEWY That could be another measure to suggest to your team to improve user-experience and avoid such unpleasant false positives or even suggesting to exclude DCS from malware scans altogether. Hi, Thanks for the suggestions, I have passed on the feedback and the team have been watching the thread. 1 1 Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, PIMAX Crystal
MAXsenna Posted June 25 Posted June 25 10 hours ago, Actium said: That would amount to fighting the symptoms and not the cause. ED are in a unique position to submit these files to AV vendors prior to release. This will absolutely be the best solution, except that we will always have the patch two weeks later, as they always work on the patch on patch day. The reason we actually see this from more users is that "hardcore" users would be on OpenBeta, and already have implemented the "fix". And when Stable was patched, the files would be whitelisted. One perk of whitelisting the folders on older computers, are that DCS loads and works much faster. Thank you for your sober and eloquent post! Cheers! 1
Actium Posted June 25 Posted June 25 8 hours ago, MAXsenna said: This will absolutely be the best solution, except that we will always have the patch two weeks later, as they always work on the patch on patch day. Not necessarily, at least not for 2.9.17. The release announcement was at 2025-06-19T15:03Z. Have a look at the details tab of the virustotal links. According to the DLL (PE) header, the files were compiled between 2025-06-16T06:55Z and 2025-06-18T13:06Z. According to the timestamp in autoupdate.cfg, the release was presumably packaged at 20250618-234919. That still leaves about a day to (automatically) upload the final release binaries to Virustotal, Microsoft, etc. so AV vendors can have a go at them. If all goes well, the release will not be delayed. Only if Virustotal returns significant false positives, I'd delay the update for a day or two, hoping the AV vendors will have sorted out the false positives by then.
MAXsenna Posted June 25 Posted June 25 Not necessarily, at least not for 2.9.17. The release announcement was at 2025-06-19T15:03Z. Have a look at the details tab of the virustotal links. According to the DLL (PE) header, the files were compiled between 2025-06-16T06:55Z and 2025-06-18T13:06Z. According to the timestamp in autoupdate.cfg, the release was presumably packaged at 20250618-234919. That still leaves about a day to (automatically) upload the final release binaries to Virustotal, Microsoft, etc. so AV vendors can have a go at them. If all goes well, the release will not be delayed. Only if Virustotal returns significant false positives, I'd delay the update for a day or two, hoping the AV vendors will have sorted out the false positives by then.The virus vendors spend two weeks before they whitelist. This has been discussed before. So I'm not so sure they do it automatically. Sent from my SM-A536B using Tapatalk
ED Team BIGNEWY Posted June 25 ED Team Posted June 25 We hope to have something that should help in a future update. thanks for the comments. 2 Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, PIMAX Crystal
silverdevil Posted June 25 Posted June 25 17 hours ago, MAXsenna said: Thank you for your sober and eloquent post! hey man. i was sober too. 1 AKA_SilverDevil Join AKA Wardogs Email Address My YouTube “The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.
MAXsenna Posted June 26 Posted June 26 hey man. i was sober too. Yeah, but you're on my side and have a pass by default! Sent from my SM-A536B using Tapatalk 1
peachpossum Posted Thursday at 03:44 PM Posted Thursday at 03:44 PM The latest update appears to have corrected the issue with Standalone dedicated server files getting quarantined as trojans. Thank you ED for fixing this issue rather than having everyone bypass security. Windows 11 Pro 64-bit i7-14700k 3.4 GHz, 64 GB DDR5-6000 MHz, Samsung 980 pro NVMe for DCS drive. ASUS 790-F ROG Strix Gaming Wifi LGA 1700, nVidia RTX 4090, Dell Ultrasharp U3818DW 3840x1600 60Hz.
Solution JABowders Posted Friday at 01:58 AM Author Solution Posted Friday at 01:58 AM 1 July Update fixed the issues, but the update did create a new install folder. But the issue was resolved. My server is up and running again. Thank you.
Recommended Posts