StEnDi78 Posted September 30 Posted September 30 Dear Aslain, For some time now there have been repeated problems with the modpack being incorrectly identified as a virus. I don't know all antivirus programs, so I'm speaking from my experience with ESET. It is NOT possible for ESET users to temporarily release a file that is classified as potentially dangerous. Even temporarily deactivating the antivirus during installation does not help, because ESET automatically reactivates itself when you try to install such a file. The only option would be to uninstall ESET completely, which is not really an option. Submitting a file to ESET for review is usually pointless, because by the time this process is complete and the file is released by ESET, the next Aslain version is usually ready and the game starts again from the beginning. I love the Aslain Modpack and appreciate your work very much, but is there no way to reduce the false detections again? I have generally been very happy with ESET for many years and apart from the Aslain Modpack I have not had any problems. Removing ESET is therefore not really an option and I think many users feel the same way. I hope a solution can be found. Dirk. Quote
Administrator Aslain Posted September 30 Administrator Posted September 30 I understand the frustration caused by antivirus software like ESET misidentifying the modpack as a potential threat. Unfortunately, false-positive detections are quite common, especially with custom software like mine, which is safe and secure. The issue arises from how antivirus algorithms detect new or less commonly used software, leading to these false alerts. The nature of how the modpack installer works can sometimes trigger antivirus heuristics. The installer might perform actions that, although completely safe, resemble the behavior of certain malware in the eyes of the antivirus software. These programs, particularly those that rely heavily on heuristic detection and AI-based algorithms, might falsely flag the modpack as a threat because they detect patterns that superficially resemble malicious activity. One potential solution is to purchase a digital signature certificate. While this could help reduce false-positive detections, it's important to note that it solves only part of the problem. Additionally, acquiring and maintaining such a certificate is quite expensive and requires regular renewals, making it less feasible in the long term especially for a free software like mine. Even with a digital signature, there's no absolute guarantee that all antivirus programs, including ESET, will stop flagging the files. Rest assured, my modpack is entirely safe, and these warnings are indeed false-positive results. If possible, you can try submitting the file to ESET for review, but I understand that this process can take time, and by then, a new modpack version might already be out. I hope this clarifies the situation a bit more. Unfortunately, there’s no perfect fix for these false detections... Quote
StEnDi78 Posted September 30 Author Posted September 30 (edited) Hello Aslain and thank you for the quick reply. What surprises me is that the antivirus programs have only been recognizing the Aslain Modpack as a false positive for some time. Before, it always worked without any problems with ESET. Has anything changed in the Aslain Modpack in the last few months that is causing these frequent false positive detections? Please don't misunderstand me, I trust you completely and believe you that there is no virus in your modpack. Unfortunately, modern and secure antivirus software like ESET leaves you no choice and you cannot prevent these files from being blocked unless you uninstall the entire antivirus software. The "Restore and exclude from scan" function is grayed out. When I asked ESET supprt, I was told that you can only manually exclude files that are identified as "potentially unwanted" from further scans, but not files that have been classified as "potentially dangerous". These can only be released after they have been sent in and analyzed by ESET, which unfortunately usually takes quite a long time. Edited September 30 by StEnDi78 Quote
Administrator Aslain Posted September 30 Administrator Posted September 30 Before I updated Inno Setup, on a new compiler etc, anyway it totally doesnt matter if before was ok, and now it's triggering your AV. Programs receives updates, either mine, and AV. Check this out too, especially the last post: https://aslain.com/index.php?/topic/28748-update-02-repor Quote
ArxNiklaus Posted October 3 Posted October 3 Hello Aslain, Yep same issue from Esset (while there was no problem for the last 2 years) Please check the screenshot below: https://ibb.co/gJxhjfX Temporary fix is it create a folder, and add this folder on the exclusion list. It will let you to install the mods Quote
ArxNiklaus Posted October 3 Posted October 3 I created a post by the way in the ESET forums https://forum.eset.com/topic/42660-aslain-modpack-for-world-of-warships/#comment-190351 1 Quote
bluejabba Posted October 3 Posted October 3 Hello Aslain and all :), For your information, I also have ESET as my antivirus and I was able to get around the problem by: 1-deactivating ESET 2-downloading the file using the OPERA browser (with Chrome/Firefox this doesn't work). 3-installation ok 🙂 4-reactivate ESET o7 1 Quote
Capt_Oveur Posted October 3 Posted October 3 Yeah, So why don't you post on ESET's website? It has nothing to do with Aslain, you are just fearmongering here. https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#SubmitFile 1 Quote
Capt_Oveur Posted October 4 Posted October 4 On 9/30/2024 at 3:41 AM, StEnDi78 said: Submitting a file to ESET for review is usually pointless, because by the time this process is complete and the file is released by ESET, the next Aslain version is usually ready and the game starts again from the beginning. I submitted a false positive once to BitDefender. I tried to download and install an hour later and it worked On 9/30/2024 at 8:54 AM, StEnDi78 said: Unfortunately, modern and secure antivirus software like ESET leaves you no choice and you cannot prevent these files from being blocked unless you uninstall the entire antivirus software. Anything but modern and secure. ESET LiveGrid and other 'reputational' or AI based systems are basically admissions they got no idea what's going on and until there are many recorded problem free downloads approved by the big AV players they'll block the file in question. On 9/30/2024 at 3:41 AM, StEnDi78 said: Removing ESET is therefore not really an option Why not? Indentured servitude? Digital bondage? Shareholder or employee? 1 Quote
ArxNiklaus Posted October 7 Posted October 7 I confirm now that the issue with Esset happens when the mod pack is downloaded with Chrome. There is no detection from Esset when this is downloaded with Edge or Opera.. 1 Quote
ArxNiklaus Posted October 9 Posted October 9 (edited) For now i got confirmation from ESET that the issue was fixed. @Aslain for your refference that was the answer below from the admins Edited October 9 by ArxNiklaus 2 Quote
Administrator Aslain Posted October 9 Administrator Posted October 9 I see, so they don't like pastebin. Maybe I can find a different place for those version configs then. I will think about... 1 Quote
Administrator Aslain Posted October 9 Administrator Posted October 9 I realized that WG embedded a link to Pastebin in the game client for checking the version of my modpack in the port which was needed for my mod. This was back when Lesta was still developing the game. It wasn't easy to get and now asking them to change that link would be very awkward, and I’m not sure if they would agree again. They might even remove the link altogether. I would prefer if ESET used some of its tricks and didn't flag Pastebin, which doesn’t have to be used for malicious purposes (most often it’s not). I'm not even sure where I should store that text links to not get flagged for no reason. By the way I'm using Pastebin in both modpack since forever (10 years) and ESET is an ass only "just recently". Quote
StEnDi78 Posted October 11 Author Posted October 11 Am 4.10.2024 um 15:13 schrieb Capt_Oveur: Why not? Indentured servitude? Digital bondage? Shareholder or employee? I really appreciate and use the Aslain Modpack, but seriously, why would I give up my security software that I've been using on many devices for years and with which I otherwise have no problems just to be able to use this one modpack? Don't get me wrong, the Aslain Modpack is great and I would hate to do without it, but uninstalling my entire security suite, which otherwise does a good job, is out of proportion. Anyway, it seems like a long-term solution from ESET is in the offing. 1 Quote
Administrator Aslain Posted October 11 Administrator Posted October 11 1 hour ago, StEnDi78 said: I really appreciate and use the Aslain Modpack, but seriously, why would I give up my security software that I've been using on many devices for years and with which I otherwise have no problems just to be able to use this one modpack? Don't get me wrong, the Aslain Modpack is great and I would hate to do without it, but uninstalling my entire security suite, which otherwise does a good job, is out of proportion. Anyway, it seems like a long-term solution from ESET is in the offing. Looking at it from the other side, why should I abandon reliable and proven text data delivery services for my modpack like Pastebin just because of one antivirus program that only recently started causing issues with my software? There are many antivirus programs, and for example, I may switch from Pastebin to something else now, but another antivirus might suddenly decide that my modpack is unsafe because it hasn’t been downloaded enough times or lacks a digital signature, and then I’d have to incur large expenses. If Pastebin were actually a dangerous platform... but it’s not, just because some group of people uses it for malicious purposes. It’s like saying I would have to change my email from Gmail to something else just because some hacker also used Gmail — it’s nonsense... 🙂 I could deliver this data directly from my site aslain.com, but if the server goes down, the modpack will malfunction. I also don’t know if Eset might flag my site as malicious for some ridiculous reason. Or, if I switch from Pastebin to another similar service, how can I know that Eset won’t treat the other service the same way it treats Pastebin? Anyway, I will think about the change, but I hate abonding it for this sole reason, and the other methods are more tricky, and may cause more potential issues in a future.... while pastebin is reliable. 1 Quote
StEnDi78 Posted October 11 Author Posted October 11 vor 6 Stunden schrieb Aslain: Looking at it from the other side, why should I abandon reliable and proven text data delivery services for my modpack like Pastebin just because of one antivirus program that only recently started causing issues with my software? There are many antivirus programs, and for example, I may switch from Pastebin to something else now, but another antivirus might suddenly decide that my modpack is unsafe because it hasn’t been downloaded enough times or lacks a digital signature, and then I’d have to incur large expenses. If Pastebin were actually a dangerous platform... but it’s not, just because some group of people uses it for malicious purposes. It’s like saying I would have to change my email from Gmail to something else just because some hacker also used Gmail — it’s nonsense... 🙂 I could deliver this data directly from my site aslain.com, but if the server goes down, the modpack will malfunction. I also don’t know if Eset might flag my site as malicious for some ridiculous reason. Or, if I switch from Pastebin to another similar service, how can I know that Eset won’t treat the other service the same way it treats Pastebin? Anyway, I will think about the change, but I hate abonding it for this sole reason, and the other methods are more tricky, and may cause more potential issues in a future.... while pastebin is reliable. I completely agree with you Aslain, I would never expect you to change everything you do to solve the problem with a single antivirus provider. I was just hoping - and if I interpret the thread in the ESET forum correctly, it seems to point in that direction - that together with ESET we can find a permanent solution that doesn't require a lot of effort. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.