Launcher update - got a heuristic virus alert.

AnduinTryggva
A popup message told me that an update of the launcher program is to be installed and I should click on close. I did that and the update was downloaded. At that moment my antivirus popped up a message that it has discovered a heuristic virus and removed it.

It pointed to my user folder on C and a very long file name with random numbers and letters.

Do I have to be worried now?
Edited by ZOS_Icy on June 30, 2024 6:23PM
  • ZOS_Kevin
    Community Manager
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.
    Community Manager for ZeniMax Online Studio and Elder Scrolls Online
  • TX12001rwb17_ESO
    I had the same thing happen to me, using Norton.
  • miloflipper
    I got a malware alert and my antivirus s/w removed the Epic games launcher. I am using Bitdefender.
  • MreeBiPolar
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    Dr. Web. Tripped on a sudden, unannounced and very small launcher update. At the moment, I have to launch the game directly (eso64.exe) as the launcher is being whacked like a mole.
  • AnduinTryggva
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    I've sent you a message! I hope it helps!
  • AnduinTryggva
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    BTW: Do I assume correctly that there is nothing to be worried about and no virus slipped onto my computer somehow?
  • Holmarion19
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Launcher is running fine.
    Edited by Holmarion19 on June 26, 2024 9:12PM
  • AnduinTryggva
    Holmarion19 wrote: »
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Launcher is running fine.

    Right! That was the name of the heuristic virus I got shown. Thanks!

    As far as I understand a heuristic virus could just be a program that shows some behavior identified to be typical for a virus whether it is really a virus or a harmless program that has some behavior that could be taken as a virus activity.

    Still like to know if I should be worried or not.
  • Tornaad
    TX12001rwb17_ESO wrote: »
    I had the same thing happen to me, using Norton.

    Same. It got successfully installed either way.
  • ZOS_Kevin
    Community Manager
    If anyone who got a Norton or other antivirus flag wants to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.
  • WolfStark1
    I had a similar issue today after opening the launcher, it was downloading and updating then I got a Pop Up Notification from HP (my computer) asking to allow some weird name to make changes to my C drive. I selected NO because ummm NO, and closed the launcher...then I came here to see if there were any issues and found this thread. Could someone let me know what I should do? I have not attempted to log in yet but will be here in a moment and will see if the game loads. The few years I've been playing I've never had an update try to make changes to my hard drive on my PC, so this needs to be looked into!

    WolfStark1
  • WolfStark1
    Ok so every time I open the launcher it gives me this pop up, to allow whatever this is to make changes to my computer. I have never seen this, nor should it be happening. I hit NO and the pop up closed. Then I was left with the launcher and able to hit play and log in with no issue. Please let me know if this is being corrected or what I need to do on my end to make this stop. Thanks!

    WolfStark1
  • belial5221_ESO
    That's a normal program needed. I keep mine updated, so have a newer version on this PC, but need it on another no issues.

    Also, heuristics is a generic scan for something that might have even a tiny bit of code similar to virus, and why so many false positives with heuristics on.
  • Sepultura_13
    AnduinTryggva wrote: »
    A popup message told me that an update of the launcher program is to be installed and I should click on close. I did that and the update was downloaded. At that moment my antivirus popped up a message that it has discovered a heuristic virus and removed it.

    It pointed to my user folder on C and a very long file name with random numbers and letters.
    TX12001rwb17_ESO wrote: »
    I had the same thing happen to me, using Norton.

    Ditto.
    ZOS_Kevin wrote: »
    If anyone who got a Norton or other antivirus flag wants to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.

    In the process of pulling the logs as I type this. I hope it isn't anything that will cause issues in the future. I'd also noticed that in the past few days, before today's update, the launcher would open but nothing would populate - just a blank launcher. I'd have to close it from the toolbar and re-open it, then it seemed to take a very long time for the 'Play' button to become functional.
  • Aurielle
    WolfStark1 wrote: »
    I had a similar issue today after opening the launcher, it was downloading and updating then I got a Pop Up Notification from HP (my computer) asking to allow some weird name to make changes to my C drive. I selected NO because ummm NO, and closed the launcher...then I came here to see if there were any issues and found this thread. Could someone let me know what I should do? I have not attempted to log in yet but will be here in a moment and will see if the game loads. The few years I've been playing I've never had an update try to make changes to my hard drive on my PC, so this needs to be looked into!

    WolfStark1

    I had the same thing. I selected no, as there was no update today as far as I know. I’m able to get into the game just fine after selecting no.
  • WolfStark1
    belial5221_ESO wrote: »
    That's a normal program needed. I keep mine updated, so have a newer version on this PC, but need it on another no issues.

    Also, heuristics is a generic scan for something that might have even a tiny bit of code similar to virus, and why so many false positives with heuristics on.

    I was curious because I've never seen this pop up.....EVER, I'm far from a computer genius but I had no clue what this was LOL and I've been playing ESO for 2 years now and never had this come up until today's launcher loaded.
  • spiderlair88646
    I also got the malware notification from Norton immediately after the launcher update.
  • darvaria
    I'm using AVG and got the same. I just clicked no and update continued. Last time, I clicked yes and got something that changed my search or something.
  • BretonMage
    WolfStark1 wrote: »
    Ok so every time I open the launcher it gives me this pop up, to allow whatever this is to make changes to my computer. I have never seen this, nor should it be happening. I hit NO and the pop up closed. Then I was left with the launcher and able to hit play and log in with no issue. Please let me know if this is being corrected or what I need to do on my end to make this stop. Thanks!

    WolfStark1

    I got this as well.

    On quitting the game, I got an error message that the game needed to be repaired. So I did a repair, but it happened again. Very odd.
  • Poncho28
    @ZOS_Kevin sent you an anti-malware dump from my PC.

    The C++ Redistributable is carrying a load file that Norton is associating with what they call a Heuristic virus, "Heur.AdvML.B".

    If y'all are gathering metrics on us, that's fine, but I have to ask if that's within the EULA you have us acknowledge. If it isn't, is there any way we can get a launcher to debloat some of this added overhead?

    Thanks
    Poncho-Dovahkiin (Defilers of Molag Bal, Lost Souls of Tamriel, Rebellious Spirit, Greatest of all Time)
  • JoeCapricorn
    I did some digging and I don't think it's that. Heur.AdvML.B seems to be detected as a false positive on relatively simple Visual C++ programs.

    https://learn.microsoft.com/en-us/answers/questions/614202/heur-advml-b-virus-detected-by-norton-on-a-newly-c

    I doubt there's anything nefarious going on.
    I simp for vampire lords and Glemyos Wildhorn
  • SilverBride
    I got the same pop-up when opening the launcher today. The first time I chose "no" and the news section said it was unable to show any news, however the "play" button did activate. I shut down the launcher and opened it again and got the same pop-up. I showed it to my friend and he chose "yes" and the launcher loaded normally.

    He didn't think this was a virus and I hope he was right.
    Edited by SilverBride on June 27, 2024 2:04AM
    PCNA
  • KaosWarMonk
    Visual C++ is a software framework that other Windows apps then use. Similar to .NET or Java etc. If an app is written using a more recent version than what you have installed it needs to be upgraded. ZOS have included it in the installation package for this reason. This is not particularly unusual.

    Obviously getting a heuristic virus ping is unusual but of all the virus detection methods, heuristics are, generally speaking, the most common to give false positives.

    Treat this with the level of concern you're comfortable with. If you're unsure, give ZOS some time to address it and post their own advice.
  • AnduinTryggva
    @Kevin, I've sent you the logs from yesterday via message. One is rather large I fear. I hope it is ok.
  • Xychid
    ZOS_Kevin wrote: »
    If anyone who got a Norton or other antivirus flag wants to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.

    Hi. How do I send a DM to you? I had the same issue and Norton seems to have solved it. But I copied my host.developer log file to send but am uncertain of the best channel to send it through.
  • ShadowPaladin
    Holmarion19 wrote: »
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Launcher is running fine.


    This was the same for me yesterday.

    So far I haven't tried to log into the game today. But I guess it will work.
  • moo_2021
    You can trigger the Heur.AdvML.B virus detection by writing something as simple as Hello World: https://learn.microsoft.com/en-us/answers/questions/614202/heur-advml-b-virus-detected-by-norton-on-a-newly-c


    Heuristic virus checks are just useless because they don't really know what programs are doing. It's like identifying criminals by the combination of their clothes colors.
    Edited by moo_2021 on June 27, 2024 11:33AM
  • StihlReign
    Norton has the following which may be useful to the development team in isolating the files available to the heuristic virus check in the final package.

    Heur.AdvML.B Detected in C++ Boost Library & Visual Studio

    There has been a lot of commentary about Heur.AdvMl.B involving game launchers going back to 2016, a lot of it specific to Norton and Symantec, but now common to many of the larger antivirus software programs available.
    Heuristic is a very questionable technique that has been designed to detect a dangerous file before it has proven to be dangerous. It's a way to advertise the antivirus being able to discover threats "before they have been discovered", with the only result that it will end up blocking most legit files. It's likely the "dangerous" behavior that triggered the flag is the very act of *downloading* something, which is obviously everything that an updater is supposed to do.
    SOURCE
    "O divine art of subtlety and secrecy!

    Through you we learn to be invisible, through you inaudible; and hence we can hold the enemy’s fate in our hands.” – Ch. VI, v. 8-9. — Master Sun Tzu

    "You haven't beaten me you've sacrificed sure footing for a killing stroke." — Ra's al Ghul

    He who is prudent and lies in wait for an enemy who is not, will be victorious — Master Sun Tzu

    LoS
  • GMdoghunter
    Same thing for me as well, I got the Heuristic Virus Alert after running the ESO launcher yesterday as well, I am using ESET ultimate security.
    With so many people here having Heuristic alerts it just makes you wonder what is going on.
    This surely Can't be a False Positive with so many people experiencing the same type of activity.
    Disappointing to say the least.
  • TairenSoul
    I got a message saying there were corrupted files and I should remove them. After doing so now it hard crashes immediately. It suggested I run a repair, which I'm doing now. It says the latest game launcher has failed.

    UPDATE: Ran from Launcher application as administrator and it worked!
    Edited by TairenSoul on June 27, 2024 2:18PM
    Heavy is the crown.
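
A practical check for the question raised in this thread, as an added example that is not from any poster or from ZOS: before treating a heuristic hit such as Heur.AdvML.B as a false positive, confirm that the flagged file carries a valid Authenticode signature from the publisher you expect. The file path and the expected publisher name are assumptions you supply, and `Get-FlaggedFileTriage` is a hypothetical helper name.

```powershell
# Added example (not from the thread): triage a file flagged by a heuristic AV rule.
# Assumptions: -Path is the flagged file (restored from quarantine or re-downloaded);
# -ExpectedPublisher is the organization you expect to have signed it.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $ExpectedPublisher = 'Microsoft Corporation'  # e.g. a Visual C++ Redistributable
)

function Get-FlaggedFileTriage {
    param([string] $Path, [string] $ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may still be in quarantine): $Path"
    }

    # Authenticode status covers both integrity (hash matches) and chain trust.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Substring match on the O= field of the signer subject; only meaningful
    # when the signature status is Valid.
    $verdict = switch ($sig.Status.ToString()) {
        'Valid' {
            if ($subject -like "*O=$ExpectedPublisher*") { 'Valid signature from expected publisher' }
            else { 'Valid signature, but from a different publisher' }
        }
        'NotSigned'    { 'Unsigned: origin cannot be verified' }
        'HashMismatch' { 'File was modified after signing' }
        default        { "Signature not trusted: $($sig.Status)" }
    }

    [pscustomobject]@{
        File    = (Resolve-Path -LiteralPath $Path).Path
        Status  = $sig.Status
        Signer  = $subject
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Verdict = $verdict
    }
}

Get-FlaggedFileTriage -Path $Path -ExpectedPublisher $ExpectedPublisher | Format-List
```

The reported SHA-256 can be included when reporting a suspected false positive to the antivirus vendor.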