
ESO upsets Sophos AV

ApoAlaia
Good afternoon beautiful people,

It would seem that whatever the ESO executable is up to really upsets my antivirus.

I had to make a specific exclusion for ESO64.exe before because the moment the AV took an interest in whatever this process was doing my game would crash. In the event log it appeared as 'The program eso64.exe version 1.0.0.1 stopped interacting with Windows and was closed'.

That seemed to work until today.

After the update I get this gem instead:

'Kernel32Trap' exploit prevented in ESO

This is the article from the AV publisher on the subject:

https://support.sophos.com/support/s/article/KBA-000007957?language=en_US

What is the new exe up to?

I found myself on the receiving end of a hack when 3CX got compromised by a supply chain attack and started distributing Cobalt Strike infected files to their users (while 3CX themselves maintained that everything was fine and it was a false positive and proceeded to blame Sophos). Should I trust ESO this time or are there shenanigans going on here too?

Edited by ZOS_Icy on 28 October 2024 18:31
  • ZOS_Icy
    mod
    Greetings,

    This thread has been moved to the PC Technical Support section, as it is better suited there.

    Thank you for your understanding.
    Staff Post
  • ApoAlaia
    Sure, but I don't need 'technical support' per se, I just would like to know what ESO64.exe is up to that makes my AV flag its behaviour as concerning enough to warrant blocking its execution, that's all.

    Edited by ApoAlaia on 28 October 2024 21:33
  • Rogue_Coyote
    Most likely, your AV doesn't like the fact ESO exe is actively scanning memory for programs it doesn't like.
  • ApoAlaia
    Rogue_Coyote wrote: "Most likely, your AV doesn't like the fact ESO exe is actively scanning memory for programs it doesn't like."

    I did think that this was a possibility given that the issue started right after the 'new, big, shiny BG update', that they might have gotten a bit more aggressive with the anti-cheat and the AV takes objection to this behaviour.

    However, the fact that it happens right upon execution before even logging in and that it remains a guess does not fill me with confidence.

    I did recently follow the instructions provided by Sophos and provided them with the resulting logs, maybe they will come back with something more reassuring.

    Edited by ApoAlaia on 17 December 2024 21:18