These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Issues, Workarounds & Localization

 
  • Topic is locked indefinitely.
 

AVG Antivirus Threat Detected
Author
Previous Topic Next Topic
guminotare
Total Mayhem Ravage
#1 - 2013-06-08 17:24:28 UTC
Had 0 ZERO issues with the new launcher and the expansion until today.

Today I started the eve launched and to my hearts discontent, AVG my antivirus sets off an alarm telling me there is a threat detected.

Threat: General behavioral detection
Object name: D:\Program Files (x86)\Steam\steamapps\common\eve online\bin\ExeFile.exe
Severity: Medium
State: Reboot is required to finish the action
Identified by: Identity Protection
Date: 6/8/2013, 9:47:18 AM

CCP why are you trying to harm my computer? Are you trying to steal my credit card info?

Fix this.
Vetr Kryos
Undine Exploration
#2 - 2013-06-08 17:48:40 UTC
guminotare wrote:
CCP why are you trying to harm my computer? Are you trying to steal my credit card info?

Fix this.

I may just be a terrible fool here, but I do rather suspect they're probably not, in fact, trying to harm your computer. And don't they already have your credit card info? They certainly have mine, but I'm getting this same message.

Now, before we get to demanding they 'fix this', shall we consider the possibility that it might not be their issue so much as it is ours? We both run AVG. We've both, since the patch, had the same message. It's possible that CCP has been evil and introduced malware into their new patch - but it's not very likely, is it?

More likely is that something about the patched executable is setting off a false positive with AVG. Look at the message: "General behavioral detection." In other words, "not quite sure what we think is wrong, but it looks a bit fishy to us". This happens routinely with any AV software, which is programmed to look for certain behaviours and can't always tell between a malicious process and a harmless one that's changed recently (e.g. something that's recently been patched).

For myself, I'm happier to know that someone else using the same software is getting the same message - but I think the problem is mine, rather than CCP's.
guminotare
Total Mayhem Ravage
#3 - 2013-06-08 18:02:39 UTC
I see your point but I do not agree with your logic. This is the first time I've ever received this message. If AVG is programmed to monitor certain criminal behavior, then the eve launcher has performed an action that is deemed criminal by a program tool that specialized in recognizing harmful behavior.

I don't know what country you live in but living with the thought that you are to blame for things that go wrong is not normal.

This is like having a tummy ache and you as a person justify the ache to eating too much at dinner. But in reality your tummy ache is due to an ulcer that is bleeding out of control. Of course you need to visit the doctor to find the cause, in my case AVG is my doctor telling me there is a problem.
Vetr Kryos
Undine Exploration
#4 - 2013-06-08 18:15:24 UTC
guminotare wrote:
I see your point but I do not agree with your logic. This is the first time I've ever received this message. If AVG is programmed to monitor certain criminal behavior
It's not. That's not what I said. AVG, like all antivirus programs, identifies certain known threats from a database. But it's also capable of heuristic analysis: that is, it monitors processes to look for activity it considers suspicious (not 'criminal'). Heuristic analysis isn't scientific, by definition. The program is, in effect, taking a guess, albeit an educated one.

Humans make heuristic assessments of situations all the time: you see someone you think is behaving suspiciously, and you decide to avoid them because you determine they're likely to be a threat. You might be right, or you might be wrong: sometimes, there's a perfectly legitimate explanation for what you, lacking any context, have judged as suspicious.

But it pays to be careful, and that's what all AV software does: it acts as a watcher, to alert you to possible problems. It doesn't guarantee a 100% accurate hit rate - but it's generally better to err on the side of false positives than allow genuinely malicious processes to run.

Quote:
I don't know what country you live in but living with the thought that you are to blame for things that go wrong is not normal.
Whereas I would say it's not 'normal' to immediately assume criminal activity on the part of a well-established games company simply because your AV program flashes you an alert. I didn't say I was to blame. I just said that the likelihood is that this isn't CCP's issue, but rather a conflict between the newly-patched launcher or EVE .exe and our AV software. In other words, no-one's to blame, because - if I'm right - it's just 'one of those things'.

Quote:
This is like having a tummy ache and you as a person justify the ache to eating too much at dinner. But in reality your tummy ache is due to an ulcer that is bleeding out of control. Of course you need to visit the doctor to find the cause, in my case AVG is my doctor telling me there is a problem.
Now tell me honestly: do you really go to the doctor every time you have a tummy ache? I certainly don't. I'll consider the circumstances, and if I've recently eaten something different, or more than normal, then sure, I'll be inclined to put it down to that. But if symptoms persist, as the pill packaging might say, then I'll seek medical advice.

I tell you what: I'll tell AVG that this is a false positive, let the application run as normal, and let you know if I have any problems. How's that?
Nuran Mukadder
Chor Aurea
#5 - 2013-06-08 21:19:42 UTC
Vetr's point is throughout correct; it's just a generic warning. I would be rich if I got a dollar for every false positive I get from free antivirus solutions. Paid ones aren't that far behind as well, though.