2017-11-16 23:54:50

Hi all,

has anyone recently tried to download the most recent installer that is available from the Quentin C. Playroom official site, under Windows 10 Fall Creators Update, with the standard built-in Windows Defender enabled and running?

When I try to run the installer under these conditions, before it can even display a window, I immediately get a warning notification that this file contains a serious threat (there was a difficult to copy name of the specific Trojan in question, I can double check it and post it here if needed) and the file is automatically quarantined.

I tend to think it's just one of these false positives, but I'm still a little concerned. What if the site has been hacked and the installer actually infected with a real virus? Has anyone heard anything about the QC salon site being hacked? Because, if it were to be a false positive alert, wouldn't it make more sense for it to be triggered at the actual game executable, that does actually connect and talk to the internet, rather than at the mere installer?

Thanks for everyone's opinions and input on the matter.
Lukas

I won't be using this account any more or participating in the forum activity through other childish means like creating an alternate account. I've asked for the account to be removed but I'm not sure if that's actually technically possible here. Just writing this for people to know that I won't be replying, posting new topics or checking private messages until the account is potentially removed.

2017-11-17 05:53:17

Due to how faulty Windows Defender is, I'd say it's nothing. If you're really that concerned though, I'd disable Windows Defender and try another scanning program; there are plenty of better scanner tools out there, both free and paid, for you to try.

I am the blind jedi, I use the force to see. I am the only blind jedi.

2017-11-17 13:10:37

I had the same problem. Disabling Win Defender fixed it. Yay!

ReferenceError: Signature is not defined.

2017-11-17 14:26:04

Well, it's funny that you joined the discussion, Oriol, because I actually had two more games do the same thing to me, just with different names of the supposed trojans, and these were Rhythm Rage and Death on the Road... :-D

Windows Defender is probably becoming a lot more active than it used to. I mean, I have sort of heard that it's faulty before, but I have never before actually seen it even attempt to identify a single threat. I am not against disabling it but I wouldn't probably feel as comfortable using the system without running a single scanner at all on it. Can anyone recommend an alternative that's at least as accessible to use and does not seem to slow the system or the screen reader (NVDA) down a great deal when running, like Windows Defender? If you can name one that fulfills both conditions and is also reliable to use and efficient in identifying actual viruses and leaving harmless software alone, I'll gladly switch to using it the next instant. :-)

Lukas


2017-11-18 06:23:42

Just add Program Files (x86) and your downloads to the exceptions and be done with it. Some might say that that's a risk, but it's still safer than disabling Defender. Not to mention Defender will re-enable itself.

2017-11-18 21:45:22

Well, a lot of BGT and scripting games are targeted.
It doesn't happen to every game, I usually have a folder of games that are unprocessed when it's flagged as something.
It will happen with other scanners.
Right now, I have disabled it on all Oriol games, GMA games, and BSC games.
And any other game folder that shows this up.
Due to it being a real pain in the guts when I load some software I may have to make folders in certain places and have it not scan those, sometimes it's installers, who knows.
I was talking with Aprone or was it Liam on this issue or maybe it appeared in one of Liam's streams.
His stuff never had it and he couldn't reproduce it but the theory is it's in certain timing code blocks, which is giving a false signature which is exactly what this is.
If a program mimics a virus, then it probably is.
But if it isn't and there is that bit then the engine well says it is.
Of course the point is antivirus and all security software is dumb and stupid.
Take away their databases and you have nothing.
It's possible that the databases aren't even targeting our stuff specifically but who knows.
There is no simple way to get things corrected and no company will worry about the blind and their games.
I did try once in a supposed legit contact service but got no response so I assume we are so low on the priority list we just end up at the end of it.
It doesn't help that 99.999% of everything else usually works without a problem.
Of course if every program that was legit had certificates then it wouldn't be a problem.
But as I understand those can be hacked too and cost cash.
If there was a reasonable way to get a cert though then it wouldn't matter what your program was as long as it had one then it wouldn't matter.
NVDA has one, though it too has been a virus due to a buggy Python compiler and initially they used a previous version of that, later on maybe that was fixed or maybe they switched to another one not giving the false issue.
NV Access does have a cert which means it's signed.
If your stuff is signed the system assumes you are secure and you are not a problem.
Of course it would be nice if you knew what a thing was, the program usually says win32, random name and a lot of chars.
Search a database for those and you don't usually find much.
It would be nice if a program shows up and says this is a virus, here is what to do if you think it isn't but they don't.
It was why I quit Sophos and switched back to MSSE, the system was clearing things before I had a chance to exclude them.
I also exclude my main program backup location on my external hard drive because it's always generating false positives and not good for that.
As for excluding your Program Files folders, since they are part of your OS I wouldn't do that, same with your downloads folder.
Saying that there is nothing against creating another downloads folder in another location for other things and excluding that.
I have a main downloads folder but I have another outside my user account off my root for easier access which is for when I use my FTP client and it's only used for that.
I have hummed and hawed about excluding my Dropbox locations though my Dropbox did have dangerous files in there once from a hacked system so I really don't care to do that.
I had to a few times turn off Windows antivirus to allow it to download whatever else my Dropbox never downloaded anything till it was cleared.
The issues were traced to a system and they fixed it.
I've never had any other conflicts when using a secured folder though a few people gave me public read right access keys to BT Sync folders for open project work.
In theory this was fine, but rarely did the people that were getting the key use it for open projects I think about 2-10 hackers on there actually tried to use it for open projects but the rest uploaded content not meant for the systems, hacker tools, viruses, ransomware, audio books, videos, movies, etc, etc and it just got killed eventually.
I am on one Dropbox where stuff is tested but not many times are there projects tested, sometimes mods, some movies, some books but nothing stays active for more than a day.
Sometimes I do get in and am able to catch the end of some discussion and bag something but a lot of that has gone now.
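
For the question the thread keeps circling (false positive or tampered installer, and what to exclude), here is an added PowerShell example that is not part of any post above. It reads the full threat name from Defender's own records, checks the installer's Authenticode signature and hash, and excludes one dedicated folder; `$Installer` and `$GamesDir` are hypothetical placeholder paths.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$Installer = "$env:USERPROFILE\Downloads\installer.exe"  # placeholder file name
$GamesDir  = 'C:\AudioGames'                             # hypothetical dedicated folder

# 1. Recover the full threat name that the notification made hard to copy.
#    Get-MpThreatDetection lists detections; Get-MpThreat maps IDs to names.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime,
        @{ n = 'Threat';    e = { $names[$_.ThreatID] } },
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-List

# 2. If the file is on disk (not quarantined), inspect it without running it.
if (Test-Path -LiteralPath $Installer) {
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    # 'Valid' means signed and untampered; 'NotSigned' is common for hobby games
    # and proves nothing either way; 'HashMismatch' means the file was altered
    # after signing and should not be run.
    "Signature status: $($sig.Status)"
    if ($sig.SignerCertificate) { "Signer: $($sig.SignerCertificate.Subject)" }

    # Compare this hash with one published by the developer, or with a copy
    # downloaded earlier, to see whether the file on the site has changed.
    "SHA256: $((Get-FileHash -LiteralPath $Installer -Algorithm SHA256).Hash)"
}

# 3. Only once satisfied the file is clean: exclude a single dedicated folder
#    instead of Program Files or Downloads, then review what is excluded.
New-Item -ItemType Directory -Path $GamesDir -Force | Out-Null
Add-MpPreference -ExclusionPath $GamesDir
(Get-MpPreference).ExclusionPath
```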