Jump to content

False Positive in Helldivers 2


Recommended Posts

Hi,

since the last update of the game "Helldivers 2" on Steam the file D:\Programme\Steam\steamapps\common\Helldivers 2\data\game\game.dll will be reportet as a variant of Win64/Packed.Themida.L and be deleted.

This is a known problem in the community and occurs only with eset and no other antivir.

I don't want to just create and exclusion for the file.

Would be nice if someone can look into the matter....

Greetings

Apas

Link to comment
Share on other sites

I'm having the same problem. Did a search and I'm seeing everyone with ESET security and playing Helldiver2 is having the same problem. Will this be fixed in a way that I don't have to do anything but wait? I'm not good with computer programing stuff. The only fix I'm seeing currently is changing settings in ESET, which I don't clearly understand. Id rather not do that and possible mess something up.

Link to comment
Share on other sites

  • Administrators
1 hour ago, MK369 said:

I'm having the same problem. Did a search and I'm seeing everyone with ESET security and playing Helldiver2 is having the same problem. Will this be fixed in a way that I don't have to do anything but wait? I'm not good with computer programing stuff. The only fix I'm seeing currently is changing settings in ESET, which I don't clearly understand. Id rather not do that and possible mess something up.

Please provide logs collected with ESET Log Collector as I requested in my post above.

Link to comment
Share on other sites

42 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector as I requested in my post above.

Hello, did the log collector and opened a case.

Thanks

Link to comment
Share on other sites

Posted (edited)

Per VirusTotal analysis: https://www.virustotal.com/gui/file/ab920976c7aebc1d3c50a9ef23b3a2eda36551002f37f466b1664aecd4f684e4/details , the .dll is code signed which would further indicate its a legit file.

The Eset detection of a variant of Win64/Packed.Themida.L indicates the .dll file is using software code protection making it impossible for Eset to scan the file. Code protection is deployed by developers to prevent their code being stolen via reverse engineering methods. It also is used by malware developers for the same reason.

Edited by itman
Link to comment
Share on other sites

  • Administrators

Please upload your ELC logs here. Attachments can be accessed only by ESET staff.

Link to comment
Share on other sites

Posted (edited)

FYI:

Quote

Helldivers 2 & nProtect GameGuard (anti-cheat)

DEVELOPER

Hi everyone,

My name is Peter Lindgren and I'm the Technical Director of HELLDIVERS 2. I've been making games at Arrowhead since the Magicka-days and I've been involved in every game we've released to date.

I will do my best in this post to address the concerns and confusion that's come up recently regarding the choice of Anti-Cheat software in HELLDIVERS 2.

So, let's start off with the more urgent questions:

Is GameGuard a kernel-level / administrator-priviledge anti-cheat?

Yes, GameGuard is a "kernel-level", aka rootkit, anti-cheat. Most anti-cheat run at "kernel-level", especially all of the popular ones. It's unfortunately one of the more effective ways to combat cheating.

https://www.reddit.com/r/Helldivers/comments/19dp2qw/helldivers_2_nprotect_gameguard_anticheat/

Bottom line - when you run this software, a kernel mode rootkit is being deployed. It's the user's decision on whether to use the software since there is always the possibility it could be used maliciously.

Edited by itman
Link to comment
Share on other sites

line 2

...some (not widely known) antivirus, have... 😆😅

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...