
False positive.



Was downloading a game on Uplay and Eset decided it didn't like the game's .exe. Considering this is an official download combined with a new freshly installed system, my best guess is that it's a false positive.

Including a log with the post.

https://www.virustotal.com/gui/file/adf989da879596ea17b9048700260c1e909c0c16f343944d70b60913fc341f4c/detection

Eset.txt

 


Well, it was detected by Eset Internet Security yesterday on my PC, it got quarantined on my machine, I then uploaded said file to VirusTotal which now shows that it's clean, strange honestly.


  • 3 weeks later...

I too have just had this happen on 2 different PCs.

 

Updating a Ubisoft game called Riders Republic last night, both my PC and my missus's PC had ESET flag the main exe and delete it.

Please advise

 


  • Administrators
4 minutes ago, Gunzta said:

Updating a Ubisoft game called Riders Republic last night, both my PC and my missus's PC had ESET flag the main exe and delete it.

Please copy and paste the appropriate record from the Detections log.


Hi Marcos. Thanks for quick response. 

First contact: 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/02/2022 22:00:03;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3900X-ADZ\adamp;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;8576EDA22EB13746C47F2ACF7CF4A27546E39422;10/02/2022 21:59:59

 

And this is a retry of the above because the game update failed as a result of this. 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/02/2022 22:13:47;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3900X-ADZ\adamp;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;ABFB33960541725E9A6A112E1FB38CF8BC40B9B8;10/02/2022 22:13:43

 

I am currently unable to play/launch the game.
 


  • Most Valued Members

Probably ESET flagged Denuvo DRM for some reason, I think the game is protected by it since it's a Ubisoft game.

It is a heavy DRM and not that much liked by the consumers even.

 

Quote

In May 2020, Kaspersky Anti-Virus detected the now removed Denuvo implementation in Doom Eternal as malware, possibly due to its kernel-level access

 

Quote

Games protected by Denuvo require an online activation. The software uses a "64-bit encryption machine".

That explains the detection, Packed.VMProtect

You can read more here: https://en.wikipedia.org/wiki/Denuvo

But indeed it is a false positive unless there is something wrong at Ubisoft.

If you are sure about the executable and you trust what you got from Ubisoft, you can exclude the detection till ESET can fix it from their side, or you can wait for ESET to fix it with an update.

Edited by Nightowl

  • Administrators

I'll get the file checked by the author of the detection. It's not that we would detect all VMProtected files.


3 hours ago, Gunzta said:

First contact: 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/02/2022 22:00:03;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3900X-ADZ\adamp;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;8576EDA22EB13746C47F2ACF7CF4A27546E39422;10/02/2022 21:59:59

Appears Eset is not the only AV having issues with this. Others also are blocking it. Per the Ubisoft forum:

Quote

Edit - FOUND A SOLUTION through another post:

  • Add your ridersrepublic.exe into the excluded files list in your antivirus. I use F-Secure and adding the game into the excluded files list solved the issue.

_____________________________________________________________________________________________________________________________________________________________________________
I'm having the exact issue with the game after updating the game's today's patch. I've yet to try the reinstallation process of the game but I've:

  • Verified the game files
  • Reinstalled ubisoft connect
  • Deleted the .exe file from installation folder and verified the files again

But no help for the issue. Feels kinda bad experience atm if after a big patch we have to reinstall the game. Btw there's a reddit post about the topic in your subreddit and at least for one person the reinstallation did not work.

Here's a picture of the error: https://imgur.com/a/57GQjbk and it is pretty confusing tbh. It's definitely purchased version from Epic Game Store and it definitely is not manipulated in any way as the error message highly intends it to be.

Here's the reddit post:

https://www.reddit.com/r/RidersRepublic/comments/snls2g/ridersrepublicexe_corrupted/

 and its part

Edited by itman

3 hours ago, Nightowl said:

Probably ESET flagged Denuvo DRM for some reason, I think the game is protected by it since it's a Ubisoft game.

It is a heavy DRM and not that much liked by the consumers even.

 

 

That explains the detection, Packed.VMProtect

You can read more here: https://en.wikipedia.org/wiki/Denuvo

But indeed it is a false positive unless there is something wrong at Ubisoft.

If you are sure about the executable and you trust what you got from Ubisoft, you can exclude the detection till ESET can fix it from their side, or you can wait for ESET to fix it with an update.

The game was released a few months ago (28 October 2021), and while it would be commonplace to include DRM like Denuvo at launch, it's not unusual for many developers to remove it once the launch window has passed (there are examples of this happening). I find it odd that it would be added now, 3 months after launch. Not saying you are wrong, just that I find it strange.

 

I'll wait for ESET to address the issue with an update. :) I'm sure it won't be long. 


Also having this problem, detection log below:

 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/02/2022 22:00:23;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3700X-SEL\missd;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;8576EDA22EB13746C47F2ACF7CF4A27546E39422;10/02/2022 22:00:20
 


  • Most Valued Members
1 hour ago, Gunzta said:

The game was released a few months ago (28 October 2021), and while it would be commonplace to include DRM like Denuvo at launch, it's not unusual for many developers to remove it once the launch window has passed (there are examples of this happening). I find it odd that it would be added now, 3 months after launch. Not saying you are wrong, just that I find it strange.

 

I'll wait for ESET to address the issue with an update. :) I'm sure it won't be long. 

I doubt they have removed it, they just have updated it.


This topic is now closed to further replies.
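
Added example, not written by any participant in the thread or by ESET: a small Python parser for the semicolon-delimited Detections log records posted above, which groups them to show which file hashes recur across hosts and which process wrote the file. The records are copied from the thread; the function names and the assumption that the User field has the form HOST\user are this example's own.

```python
import csv, io, re
from collections import defaultdict

# The three Detections log records posted in the thread (semicolon-delimited export).
LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
10/02/2022 22:00:03;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3900X-ADZ\adamp;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;8576EDA22EB13746C47F2ACF7CF4A27546E39422;10/02/2022 21:59:59
10/02/2022 22:13:47;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3900X-ADZ\adamp;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;ABFB33960541725E9A6A112E1FB38CF8BC40B9B8;10/02/2022 22:13:43
10/02/2022 22:00:23;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/Packed.VMProtect.L suspicious application;cleaned by deleting;3700X-SEL\missd;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (CDE3BDCF2E20035E78FA48639A1C434347D9ADCE).;8576EDA22EB13746C47F2ACF7CF4A27546E39422;10/02/2022 22:00:20
"""

# The Information field names the process that wrote the file, with that process's hash.
WRITER = re.compile(r"modified by the application: (.+?) \(([0-9A-Fa-f]{40})\)")

def parse(text):
    """Return one dict per record; blank lines and repeated header rows are skipped."""
    rows = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    header = next(rows)
    records = []
    for row in rows:
        if not row or row == header:
            continue
        if len(row) != len(header):
            raise ValueError(f"unexpected field count: {row!r}")
        rec = dict(zip(header, row))
        m = WRITER.search(rec["Information"])
        rec["Writer"], rec["Writer hash"] = m.groups() if m else (None, None)
        rec["Host"] = rec["User"].split("\\")[0]  # assumption: HOST\user, as in the thread
        records.append(rec)
    return records

def summarize(records):
    """Map file hash -> hosts that reported it, and path -> distinct hashes seen there."""
    hosts_by_hash, hashes_by_path = defaultdict(set), defaultdict(set)
    for r in records:
        hosts_by_hash[r["Hash"]].add(r["Host"])
        hashes_by_path[r["Object"]].add(r["Hash"])
    return hosts_by_hash, hashes_by_path

if __name__ == "__main__":
    recs = parse(LOG)
    hosts_by_hash, hashes_by_path = summarize(recs)
    for h, hosts in hosts_by_hash.items():
        print(h, "reported by", sorted(hosts))
    for path, hashes in hashes_by_path.items():
        print(path, "->", len(hashes), "distinct hashes")
    print("written by:", {(r["Writer"], r["Writer hash"]) for r in recs})
```

On the thread's records this shows one file hash reported by both hosts, a second hash for the same path on the retry, and the same upc.exe hash as the writing process in all three.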