Increase in false positives in the last few days

[Tucks60 0]

As the title suggests, I've been getting a lot of false positives recently when playing games, Exoprimal is one game, when launching the game the anti-cheat software is flagged by eset and it deletes the main exe of the game. From memory the suspicious app was Win64/Packed.VMProtect.J

I then installed Albion Online on steam and got the same thing (my friend who uses Eset also had this issue, thats why I installed albion) and at the end of the install it flags the games exe with Win64/Packed.VMProtect.AA

Is this due to an eset detection update or (more likely) a shared library/resource that easy anti cheat and battle eye (respective cheat detection engines for each game) that has been updated?

Can someone confirm these are definitely false positives and not something more nafarious that have been distributed by the anti cheat developers by accident due to some sort of compromise?

Unfortunately I can't provide the files for analysis.

Edited July 28, 2023 by Tucks60

[Aryeh Goretsky 379]

Hello,

Please share the log file entries.  Open the ESET user interface and select Tools → Log files to view the detection entries.  Then right-click on each one and select Copy from the context menu that pops up.  You can then paste these into your reply to this message.

Regards,

Aryeh Goretsky

[Marcos 5,085]

If I remember correctly, those are unsigned binaries protected by VMProtect which is a packer often misused by adversaries to evade detection. Such protected files should be signed to decrease the level of suspiciousness. Please provide the appropriate records from the Detections log here as suggested by Aryeh above and submit the detected files to samples[at]eset.com.