Jump to content

Antivirus Problems


Recommended Posts

Dear Aslain,
For some time now there have been repeated problems with the modpack being incorrectly identified as a virus. I don't know all antivirus programs, so I'm speaking from my experience with ESET. It is NOT possible for ESET users to temporarily release a file that is classified as potentially dangerous. Even temporarily deactivating the antivirus during installation does not help, because ESET automatically reactivates itself when you try to install such a file. The only option would be to uninstall ESET completely, which is not really an option.

Submitting a file to ESET for review is usually pointless, because by the time this process is complete and the file is released by ESET, the next Aslain version is usually ready and the game starts again from the beginning.

I love the Aslain Modpack and appreciate your work very much, but is there no way to reduce the false detections again? I have generally been very happy with ESET for many years and apart from the Aslain Modpack I have not had any problems. Removing ESET is therefore not really an option and I think many users feel the same way.

I hope a solution can be found.
Dirk.

Link to comment
  • Administrator

I understand the frustration caused by antivirus software like ESET misidentifying the modpack as a potential threat. Unfortunately, false-positive detections are quite common, especially with custom software like mine, which is safe and secure. The issue arises from how antivirus algorithms detect new or less commonly used software, leading to these false alerts. The nature of how the modpack installer works can sometimes trigger antivirus heuristics. The installer might perform actions that, although completely safe, resemble the behavior of certain malware in the eyes of the antivirus software. These programs, particularly those that rely heavily on heuristic detection and AI-based algorithms, might falsely flag the modpack as a threat because they detect patterns that superficially resemble malicious activity.

One potential solution is to purchase a digital signature certificate. While this could help reduce false-positive detections, it's important to note that it solves only part of the problem. Additionally, acquiring and maintaining such a certificate is quite expensive and requires regular renewals, making it less feasible in the long term especially for a free software like mine. Even with a digital signature, there's no absolute guarantee that all antivirus programs, including ESET, will stop flagging the files.

Rest assured, my modpack is entirely safe, and these warnings are indeed false-positive results. If possible, you can try submitting the file to ESET for review, but I understand that this process can take time, and by then, a new modpack version might already be out.

I hope this clarifies the situation a bit more. Unfortunately, there’s no perfect fix for these false detections...

 

Link to comment

Hello Aslain and thank you for the quick reply.
What surprises me is that the antivirus programs have only been recognizing the Aslain Modpack as a false positive for some time. Before, it always worked without any problems with ESET. Has anything changed in the Aslain Modpack in the last few months that is causing these frequent false positive detections?

Please don't misunderstand me, I trust you completely and believe you that there is no virus in your modpack. Unfortunately, modern and secure antivirus software like ESET leaves you no choice and you cannot prevent these files from being blocked unless you uninstall the entire antivirus software.

 

The "Restore and exclude from scan" function is grayed out. When I asked ESET supprt, I was told that you can only manually exclude files that are identified as "potentially unwanted" from further scans, but not files that have been classified as "potentially dangerous". These can only be released after they have been sent in and analyzed by ESET, which unfortunately usually takes quite a long time.

Eset-Aslain.png

Edited by StEnDi78
Link to comment

Hello Aslain and all  :),

For your information, I also have ESET as my antivirus and I was able to get around the problem by:
1-deactivating ESET
2-downloading the file using the OPERA browser (with Chrome/Firefox this doesn't work).
3-installation ok 🙂
4-reactivate ESET

 

o7

  • Upvote 1
Link to comment
On 9/30/2024 at 3:41 AM, StEnDi78 said:

Submitting a file to ESET for review is usually pointless, because by the time this process is complete and the file is released by ESET, the next Aslain version is usually ready and the game starts again from the beginning.

I submitted a false positive once to BitDefender. I tried to download and install an hour later and it worked

On 9/30/2024 at 8:54 AM, StEnDi78 said:

Unfortunately, modern and secure antivirus software like ESET leaves you no choice and you cannot prevent these files from being blocked unless you uninstall the entire antivirus software.

Anything but modern and secure. ESET LiveGrid and other 'reputational' or AI based systems are basically admissions they got no idea what's going on and until there are many recorded problem free downloads approved by the big AV players they'll block the file in question. 

 

On 9/30/2024 at 3:41 AM, StEnDi78 said:

Removing ESET is therefore not really an option

Why not? Indentured servitude? Digital bondage? Shareholder or employee?

  • Upvote 1
Link to comment
  • Administrator

I realized that WG embedded a link to Pastebin in the game client for checking the version of my modpack in the port which was needed for my mod. This was back when Lesta was still developing the game. It wasn't easy to get and now asking them to change that link would be very awkward, and I’m not sure if they would agree again. They might even remove the link altogether. I would prefer if ESET used some of its tricks and didn't flag Pastebin, which doesn’t have to be used for malicious purposes (most often it’s not). I'm not even sure where I should store that text links to not get flagged for no reason. By the way I'm using Pastebin in both modpack since forever (10 years) and ESET is an ass only "just recently".

Link to comment
Am 4.10.2024 um 15:13 schrieb Capt_Oveur:

Why not? Indentured servitude? Digital bondage? Shareholder or employee?

 

I really appreciate and use the Aslain Modpack, but seriously, why would I give up my security software that I've been using on many devices for years and with which I otherwise have no problems just to be able to use this one modpack? Don't get me wrong, the Aslain Modpack is great and I would hate to do without it, but uninstalling my entire security suite, which otherwise does a good job, is out of proportion.

 

Anyway, it seems like a long-term solution from ESET is in the offing.

  • Like 1
Link to comment
  • Administrator
1 hour ago, StEnDi78 said:

 

I really appreciate and use the Aslain Modpack, but seriously, why would I give up my security software that I've been using on many devices for years and with which I otherwise have no problems just to be able to use this one modpack? Don't get me wrong, the Aslain Modpack is great and I would hate to do without it, but uninstalling my entire security suite, which otherwise does a good job, is out of proportion.

 

Anyway, it seems like a long-term solution from ESET is in the offing.

Looking at it from the other side, why should I abandon reliable and proven text data delivery services for my modpack like Pastebin just because of one antivirus program that only recently started causing issues with my software? There are many antivirus programs, and for example, I may switch from Pastebin to something else now, but another antivirus might suddenly decide that my modpack is unsafe because it hasn’t been downloaded enough times or lacks a digital signature, and then I’d have to incur large expenses. If Pastebin were actually a dangerous platform... but it’s not, just because some group of people uses it for malicious purposes. It’s like saying I would have to change my email from Gmail to something else just because some hacker also used Gmail — it’s nonsense... 🙂 

 

I could deliver this data directly from my site aslain.com, but if the server goes down, the modpack will malfunction. I also don’t know if Eset might flag my site as malicious for some ridiculous reason. Or, if I switch from Pastebin to another similar service, how can I know that Eset won’t treat the other service the same way it treats Pastebin?

Anyway, I will think about the change, but I hate abonding it for this sole reason, and the other methods are more tricky, and may cause more potential issues in a future.... while pastebin is reliable.

  • Like 1
Link to comment
vor 6 Stunden schrieb Aslain:

Looking at it from the other side, why should I abandon reliable and proven text data delivery services for my modpack like Pastebin just because of one antivirus program that only recently started causing issues with my software? There are many antivirus programs, and for example, I may switch from Pastebin to something else now, but another antivirus might suddenly decide that my modpack is unsafe because it hasn’t been downloaded enough times or lacks a digital signature, and then I’d have to incur large expenses. If Pastebin were actually a dangerous platform... but it’s not, just because some group of people uses it for malicious purposes. It’s like saying I would have to change my email from Gmail to something else just because some hacker also used Gmail — it’s nonsense... 🙂 

 

I could deliver this data directly from my site aslain.com, but if the server goes down, the modpack will malfunction. I also don’t know if Eset might flag my site as malicious for some ridiculous reason. Or, if I switch from Pastebin to another similar service, how can I know that Eset won’t treat the other service the same way it treats Pastebin?

Anyway, I will think about the change, but I hate abonding it for this sole reason, and the other methods are more tricky, and may cause more potential issues in a future.... while pastebin is reliable.

 

I completely agree with you Aslain, I would never expect you to change everything you do to solve the problem with a single antivirus provider. I was just hoping - and if I interpret the thread in the ESET forum correctly, it seems to point in that direction - that together with ESET we can find a permanent solution that doesn't require a lot of effort.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.