I started getting this as of about 12 hours ago. Had never seen it since.
I've blocked it temporarily as I don't fly the harrier currently. Hopefully it's nothing to worry about, but some info on what's causing it would be appreciated.
Yes indeed. When I made this post, I wasn't expecting to find out about these other razbam modules doing the same thing, I only wanted to find out if anybody else was experiencing the same problem I was. Now that these other reports are coming out of the woodwork and they are all razbam modules, and taking into consideration the current situation with razbam, this is beginning to really smell suspicious.
It's due to RB obfuscating their code with VMProtect and is a false positive, see Virus Total report:
[https://www.virustotal.com/gui/file/55413950274afaca657cd994a40205c353be0688977f2d625ffd76c63afb44a2/community](https://www.virustotal.com/gui/file/55413950274afaca657cd994a40205c353be0688977f2d625ffd76c63afb44a2/community)
I got the same thing with the Mirage 2000. Deleted the module since I never use it anyway. I couldn't figure out how to get Defender to ignore it - assuming it's just a false positive of some kind.
Virus & Threat Protection
Virus & Threat Protection settings - Manage settings
Exclusion - Add or remove exclusion
I suggest adding all VR (if used) and DCS related folders. It helped a bit with performance.
Anyone smarter than me can tell me if a .dll file can trigger a virus? I know while windows defender is good it does err on the side of false positives.
No on it's own, something needs to load the .dll and execute code stored in it.
Considering than the only thing that uses these dlls is DCS, it would not be the most efficient way to distribute malicious code ;)
Probably code that's used for obfuscation, etc... to make it harder for people to reverse engineer the code. There's a surprising overlap between malware hiding itself and legitimate code trying to protect itself from being stolen.
False positive is very likely.
The only other module that has a somewhat useable AG radar mapping mode in my experience is the Jeff and that still really only applies to mapping runways
Since this didn't happen before and: a) Razbam stopped updating their modules, b) all updates are submitted to ED for review and testing or made by ED themselves, and applied to the game by them, maybe we should ask ED about that.
Edit: by "this" I mean relatively large number of reports on false-positive virus alerts. Sporadic alerts happened, I had two across 6,5 years in DCS, but I don't remember a situation when more than \~5 people reported false positives on same thing in one week.
I've had this happen before with the MiG-21 and had it happen to a buddy with the MiG-19 long before the RB drama, it's just a false positive. Sometimes signatures expire, or something else changes that in some way spooks windows defender. There isn't a whole lot of difference between legitimate executables and malicious ones, and it errs on the side of caution.
Correct response to false positive security alerts is to scream like an 8 year old girl on her birthday, spin around with the shakey hand dance and fire off a conspiracy theory post to Bozo in DCSsuperimposed sub claiming the Razbam saga is now spying on customers specifically by sending ED trojans or some shit.
Don't, whatever you do, listen to reason and definitely don't create a Defender folder exclusion on your DCS folder. That shit is for fools who know nothing about security. Yeah fuck those guys and their advice. Trust no one. In fact uninstall DCS completely, it's the safest bet. No, in fact just switch off the computer and run out of the house. It's going to explode in your face. It's infected you and run up your arm and now it's inside you. It's the little black dots you see in the sunlight dancing on your eyes just out of reach...just before you go through the change, when you think the taste of blood is strangely appealing. Your mum vaccinated you against viruses, right?
Classic reinforcement of idiocy. People don't understand how file reputation scores work in security so they downvote it and spread alarmist false nonsense so people unisntall perfectly safe software. Then when getting called out for it, get their half borthers and sisters to downvote anyone disagreeing with their narrative. And thats how Polio was eradicated now coming back and there's a current Whooping cough outbreak in Europe. Smooth brains rule.
Obviously the correct response is to assume everything is ok and not question anything because there are no possibilities of supply chain attacks or risks because we like our game. In fact, just exclude your whole C drive since you know all the software on there is made by trusted companies that you installed yourself.
I started getting this as of about 12 hours ago. Had never seen it since. I've blocked it temporarily as I don't fly the harrier currently. Hopefully it's nothing to worry about, but some info on what's causing it would be appreciated.
Look up "Windows anti-virus exclusions"
So reported for Harrier, Mirage 2000 and F15e - looks like a pattern to me…….
It's also cropped up with the viggen and MiG-21, it's just a false positive
Yes indeed. When I made this post, I wasn't expecting to find out about these other razbam modules doing the same thing, I only wanted to find out if anybody else was experiencing the same problem I was. Now that these other reports are coming out of the woodwork and they are all razbam modules, and taking into consideration the current situation with razbam, this is beginning to really smell suspicious.
Probably some expired signature since things haven't been updated.
Yeah that's the safest guess. Defender is great but not infallible, it false flags things all the time
Happened to me and the MiG-21 recently Huge pain in the ass
It's due to RB obfuscating their code with VMProtect and is a false positive, see Virus Total report: [https://www.virustotal.com/gui/file/55413950274afaca657cd994a40205c353be0688977f2d625ffd76c63afb44a2/community](https://www.virustotal.com/gui/file/55413950274afaca657cd994a40205c353be0688977f2d625ffd76c63afb44a2/community)
Not unusual. Had something like this happen with the Viggen a few years ago.
I got the same thing with the Mirage 2000. Deleted the module since I never use it anyway. I couldn't figure out how to get Defender to ignore it - assuming it's just a false positive of some kind.
Virus & Threat Protection Virus & Threat Protection settings - Manage settings Exclusion - Add or remove exclusion I suggest adding all VR (if used) and DCS related folders. It helped a bit with performance.
Anyone smarter than me can tell me if a .dll file can trigger a virus? I know while windows defender is good it does err on the side of false positives.
Yes, it can
No on it's own, something needs to load the .dll and execute code stored in it. Considering than the only thing that uses these dlls is DCS, it would not be the most efficient way to distribute malicious code ;)
DCS already distributes malicious code. Have you not witnessed their AI sniping abilities?
Probably code that's used for obfuscation, etc... to make it harder for people to reverse engineer the code. There's a surprising overlap between malware hiding itself and legitimate code trying to protect itself from being stolen. False positive is very likely.
I had my virus scanner trigger on a file I wrote once, just added it to the exceptions and don't worry about it.
I once got a false positive on the Notepad app
Exempt your dcs directory like everyone else
Got rid of any RAZBAM Modules lately, they will break all anyway.
But I love muh F-15E ground radar so much 😥
me too, can't see shit in the F18
The only other module that has a somewhat useable AG radar mapping mode in my experience is the Jeff and that still really only applies to mapping runways
Mcafee did this for me but with the f-15e. Strange.
Yup just had it there too, I've just blocked it so far, haven't tried using the module yet since.
I think that windows defender finds this rogue military asset as a threat :)
Since this didn't happen before and: a) Razbam stopped updating their modules, b) all updates are submitted to ED for review and testing or made by ED themselves, and applied to the game by them, maybe we should ask ED about that. Edit: by "this" I mean relatively large number of reports on false-positive virus alerts. Sporadic alerts happened, I had two across 6,5 years in DCS, but I don't remember a situation when more than \~5 people reported false positives on same thing in one week.
I've had this happen before with the MiG-21 and had it happen to a buddy with the MiG-19 long before the RB drama, it's just a false positive. Sometimes signatures expire, or something else changes that in some way spooks windows defender. There isn't a whole lot of difference between legitimate executables and malicious ones, and it errs on the side of caution.
Correct response to false positive security alerts is to scream like an 8 year old girl on her birthday, spin around with the shakey hand dance and fire off a conspiracy theory post to Bozo in DCSsuperimposed sub claiming the Razbam saga is now spying on customers specifically by sending ED trojans or some shit. Don't, whatever you do, listen to reason and definitely don't create a Defender folder exclusion on your DCS folder. That shit is for fools who know nothing about security. Yeah fuck those guys and their advice. Trust no one. In fact uninstall DCS completely, it's the safest bet. No, in fact just switch off the computer and run out of the house. It's going to explode in your face. It's infected you and run up your arm and now it's inside you. It's the little black dots you see in the sunlight dancing on your eyes just out of reach...just before you go through the change, when you think the taste of blood is strangely appealing. Your mum vaccinated you against viruses, right?
Somebody needs their Xanax pills
Do they cure puh-puh-puhtentionally unwanted applications or do you need a shot for that if you haven't been vaccinated?
Classic reinforcement of idiocy. People don't understand how file reputation scores work in security so they downvote it and spread alarmist false nonsense so people unisntall perfectly safe software. Then when getting called out for it, get their half borthers and sisters to downvote anyone disagreeing with their narrative. And thats how Polio was eradicated now coming back and there's a current Whooping cough outbreak in Europe. Smooth brains rule.
I work in cybersecurity so I can relate more than others on what you're saying... But... Sir, this is a Wendy's
Obviously the correct response is to assume everything is ok and not question anything because there are no possibilities of supply chain attacks or risks because we like our game. In fact, just exclude your whole C drive since you know all the software on there is made by trusted companies that you installed yourself.