Maintenance for the week of December 23:
· [COMPLETE] NA megaservers for maintenance – December 23, 4:00AM EST (9:00 UTC) - 9:00AM EST (14:00 UTC)
· [COMPLETE] EU megaservers for maintenance – December 23, 9:00 UTC (4:00AM EST) - 14:00 UTC (9:00AM EST)

After the patch my Kaspersky Plus is accusing ESO64.exe of being a Trojan. anyone else having this?

RaikaNA
RaikaNA
✭✭✭✭✭
Event: Malicious object detected
Application: ESO
User: DESKTOP-73L625R\Raijin
User type: Initiator
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Bazon.a
Threat level: High
Object type: Process
Object path: C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client
Object name: eso64.exe
Reason: Behavior analysis
Databases release date: Yesterday, 6/2/2024 5:22:00 PM
MD5: D0928B79E160A5BC8ECABFFD965765DD

0xkco1ip1ka7.png

Is anyone else having this problem with their anti-virus software?

Now I'm having issues starting up the game.
Edited by ZOS_Icy on 4 June 2024 10:17
  • shinry
    shinry
    ✭✭✭
    I am also having this issue. It opened up the first time after the update but it won't allow me to open ESO up again after the fact and I am not sure how to proceed.
  • RaikaNA
    RaikaNA
    ✭✭✭✭✭
    shinry wrote: »
    I am also having this issue. It opened up the first time after the update but it won't allow me to open ESO up again after the fact and I am not sure how to proceed.

    Same here. I could download the patch and everything and log in to the game soon after, but when I tried logging in for the second time, all hell broke loose. My anti virus software deleted the eso64.exe
  • shinry
    shinry
    ✭✭✭
    I also don't see it in the folder even though I didn't let it "disinfect and restart the computer." I made an exception to run it in Kapersky and marked it as trusted and repaired ESO client in Steam but ESO still will not launch. Rip my core trials :/
  • RaikaNA
    RaikaNA
    ✭✭✭✭✭
    shinry wrote: »
    I also don't see it in the folder even though I didn't let it "disinfect and restart the computer." I made an exception to run it in Kapersky and marked it as trusted and repaired ESO client in Steam but ESO still will not launch. Rip my core trials :/

    Go to your launcher and try to repair your game... Hopefully, it will add ESO64 again.
  • shinry
    shinry
    ✭✭✭
    I will try to repair again with Kapersky completely shut down.
  • shinry
    shinry
    ✭✭✭
    Were you able to get yours running at all?
  • RaikaNA
    RaikaNA
    ✭✭✭✭✭
    shinry wrote: »
    Were you able to get yours running at all?

    I repaired my game and tried logging in... got the same message.. It looks like you need to disable Kaspersky until they fix this problem.

    kwmmojl6iqkn.png
  • shinry
    shinry
    ✭✭✭
    Yep it works after repaired with Kapersky disabled but doesn't feel too good.
  • LostScot
    LostScot
    ✭✭✭
    This is because ESO captures a list of running processes, and will exit the game if any of the executable names or checksums match an internal list.

    Many security vendors will recognise this behaviour with heuristics scanning of an application's activities, and can potentially classify it as malicious. In Kaspersky's case they're taking the cautious stance.

    Edit: The reason this is considered malicious behaviour is because it is a common tactic used in malware, identify any unwanted processes on the host machine that may identify it, and exit if they're running. ESO does it to identify potential cheating software (or Process Explorer, which is a harmless Task Manager replacement), which is obviously a good reason (to detect cheating software, not to detect Process Explorer) to have this behaviour.
    Edited by LostScot on 4 June 2024 01:25
    Craftaholics Guild, established 30th March 2014.

    What do we want? Our anniversary goblets and Alfiqi plushies!
    When do we want them? Back in April 2024 when we expected to receive them!
  • TaSheen
    TaSheen
    ✭✭✭✭✭
    ✭✭✭✭✭
    Sounds like y'all need to get on Kaspersky.
    ______________________________________________________

    "But even in books, the heroes make mistakes, and there isn't always a happy ending." Mercedes Lackey, Into the West

    PC NA, PC EU (non steam)- four accounts, many alts....
  • shinry
    shinry
    ✭✭✭
    Thanks for all the help and feedback!
  • FelisCatus
    FelisCatus
    ✭✭✭✭✭
    It's likely a false positive.
  • Sedare38
    Sedare38
    ✭✭✭
    Getting the same issue. Kaspersky deleted the ESO client. I can get the game to work if I stop protection which is stupid. ZOS, this worked last night without my AV thinking you're a virus.
  • RaikaNA
    RaikaNA
    ✭✭✭✭✭
    TaSheen wrote: »
    Sounds like y'all need to get on Kaspersky.

    Already making some noises on the kaspersky's forums.

    https://forum.kaspersky.com/topic/kaspersky-plus-is-accusing-elder-scrolls-online-to-be-a-trojan-47962/
  • Zoye
    Zoye
    Soul Shriven
    Posting for a friend who also was having this issue (he doesn't have forum access) and seemed to make this work:

    Instructions:

    Repair ESO - but do not launch

    Open Kaspersky Total Security > Settings > Threats and Exclusions
    In "Threats and Exclusions "
    Add the eso64.exe file to both trusted applications and exclusions

    Attached images for:
    Specify Trusted applications
    Manage Exclusions

    You should now be good to launch ESO again

    agp29pw9nx92.png
    c4lijwu3ruot.png
    Edited by Zoye on 4 June 2024 02:13
  • Dagraenion
    Zoye wrote: »
    Posting for a friend who also was having this issue (he doesn't have forum access) and seemed to make this work:

    Instructions:

    Repair ESO - but do not launch

    Open Kaspersky Total Security > Settings > Threats and Exclusions
    In "Threats and Exclusions "
    Add the eso64.exe file to both trusted applications and exclusions

    Attached images for:
    Specify Trusted applications
    Manage Exclusions

    You should now be good to launch ESO again

    agp29pw9nx92.png
    c4lijwu3ruot.png

    Thanks for this workaround! It works great! I hope Kaspersky will fix this to the point where we don't have to use this workaround anymore.
  • Imperial_Archmage
    Imperial_Archmage
    ✭✭✭
    I have Kaspersky Plus and the menu looks completely different from what you are showing here. How do I disable it entirely, its clearly a false positive?
  • TaSheen
    TaSheen
    ✭✭✭✭✭
    ✭✭✭✭✭
    I have Kaspersky Plus and the menu looks completely different from what you are showing here. How do I disable it entirely, its clearly a false positive?

    You probably need to access Kaspersky on your machine, and search for "disable due to false positive". I really don't know, but that's as close as I can come. I don't use Kaspersky.
    Edited by TaSheen on 4 June 2024 03:41
    ______________________________________________________

    "But even in books, the heroes make mistakes, and there isn't always a happy ending." Mercedes Lackey, Into the West

    PC NA, PC EU (non steam)- four accounts, many alts....
  • Heretus
    Heretus
    ✭✭
    Hello , had the very same issue, patch applied , kaspersky identified it as a virus.

    All I did was to add the entire ESO folder to exceptions settings > manage threats and exceptions (or something alike in English) > +ADD , choose folder , chose the entire ESO folder.

    Kaspersky asked me to confirm , I did , pressed play again and it was done with no issues, I did not even repair the game or anything.

    You may wish to disable Kasperky protection all together, add the ESO folder to exceptions , restart your PC and repair the game
  • kynesgrove
    kynesgrove
    ✭✭✭✭
    RaikaNA wrote: »
    Event: Malicious object detected
    Application: ESO
    User: DESKTOP-73L625R\Raijin
    User type: Initiator
    Component: System Watcher
    Result description: Detected
    Type: Trojan
    Name: PDM:Trojan.Win32.Bazon.a
    Threat level: High
    Object type: Process
    Object path: C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client
    Object name: eso64.exe
    Reason: Behavior analysis
    Databases release date: Yesterday, 6/2/2024 5:22:00 PM
    MD5: D0928B79E160A5BC8ECABFFD965765DD

    0xkco1ip1ka7.png

    Is anyone else having this problem with their anti-virus software?

    Now I'm having issues starting up the game.

    This thread is a great heads-up for Kaspersky users, thank you!!

    I would have logged in without a second thought, only to be massively frustrated.
    "The shrine is breathtaking, sitting upon a rise and dominated by many standing stones carved with holy runes. The place truly seems to have been kissed by Kyne's icy breath."
    - Urig the Wanderer
  • RaikaNA
    RaikaNA
    ✭✭✭✭✭
    I have Kaspersky Plus and the menu looks completely different from what you are showing here. How do I disable it entirely, its clearly a false positive?

    I recently upgraded my software from Kaspersky Total Security to now Kaspersky Plus.

    From home you will see this
    5pwfcewpmd8c.png
    Click on details

    5mom4q0vw9au.png

    Or go to settings <security settings<
    bgo92agsqven.png


    Scroll all the way down until you see this
    qzol4abv2h0r.png

    Click on the Exclusions and actions on object detection and then click on manage exlusions
    tuveznkafp63.png

    final part
    sbc6j4pb4cr3.png

    I've added C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client
    to the Exclusions list.

    This worked for me so I hope it does for you.
    Edited by RaikaNA on 4 June 2024 20:32
  • ZOS_Icy
    ZOS_Icy
    mod
    Greetings,

    This thread has been moved to the PC Technical Support section, as it is better suited there.

    Thank you for your understanding.
    Staff Post
  • Dagraenion
    This issue has been resolved. You can now remove ESO from Exclusion and Trusted in Kaspersky, and you be able to play the game. Just make sure to update your Kaspersky first, then restart.
  • woe
    woe
    ✭✭✭✭
    You should honestly get rid of Kaspersky. They have leaked user information, have ties with Russia and flag too many false positives on normal programs. You should look at a site like AV-test and replace it with something else.
    uwu
  • LostScot
    LostScot
    ✭✭✭
    woe wrote: »
    You should honestly get rid of Kaspersky. They have leaked user information, have ties with Russia and flag too many false positives on normal programs. You should look at a site like AV-test and replace it with something else.

    Yeah, the company sponsoring Ferrari is responsible for all the conspiracy theories you've listed... In another universe maybe.

    Where are the <sarcasm> tags when I need them?
    Craftaholics Guild, established 30th March 2014.

    What do we want? Our anniversary goblets and Alfiqi plushies!
    When do we want them? Back in April 2024 when we expected to receive them!
  • SeaGtGruff
    SeaGtGruff
    ✭✭✭✭✭
    ✭✭✭✭✭
    LostScot wrote: »
    woe wrote: »
    You should honestly get rid of Kaspersky. They have leaked user information, have ties with Russia and flag too many false positives on normal programs. You should look at a site like AV-test and replace it with something else.

    Yeah, the company sponsoring Ferrari is responsible for all the conspiracy theories you've listed... In another universe maybe.

    Where are the <sarcasm> tags when I need them?

    They're here: /s
    I've fought mudcrabs more fearsome than me!
Sign In or Register to comment.