Maintenance for the week of December 16:
• PC/Mac: No maintenance – December 16
• NA megaservers for patch maintenance – December 17, 4:00AM EST (9:00 UTC) - 12:00PM EST (17:00 UTC)
• EU megaservers for patch maintenance – December 17, 9:00 UTC (4:00AM EST) - 17:00 UTC (12:00PM EST)

Launcher update - got a heuristic virus alert.

AnduinTryggva
AnduinTryggva
✭✭✭✭✭
A popup message told me than an update of the launcher program is to be installed and I should click on close. I did that and the update was downloaded. At that moment my antivirus popped up a message that it has discovered a heuristic virus and removed it.

It pointed to my user folder on C and a very long file name with random numbers and letters.

Do I have to be worried now?
Edited by ZOS_Icy on June 30, 2024 6:23PM
  • ZOS_Kevin
    ZOS_Kevin
    Community Manager
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.
    Community Manager for ZeniMax Online Studio and Elder Scrolls OnlineDev Tracker | Service Alerts | ESO Twitter
    Staff Post
  • TX12001rwb17_ESO
    TX12001rwb17_ESO
    ✭✭✭✭✭
    ✭✭✭
    I had the same thing happen to me, using Norton.
  • miloflipper
    I got a malware alert and my antivirus s/w removed the Epic games launcher. I am using Bitdefender.
    All rights reserved.
  • MreeBiPolar
    MreeBiPolar
    ✭✭✭✭✭
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    Dr. Web. Tripped on a sudden, unannounced and very small launcher update. At the moment, I have to launch the game directly (eso64.exe) as the launcher is being whacked like a mole.
  • AnduinTryggva
    AnduinTryggva
    ✭✭✭✭✭
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    I've sent you a message! I hope it helps!
  • AnduinTryggva
    AnduinTryggva
    ✭✭✭✭✭
    ZOS_Kevin wrote: »
    Hi @AnduinTryggva. Could you let us know what antivirus you're using? We're going to try and resolve this issue.

    BTW: Do I assume correctly that there is nothing to be worried and no virus slipped on my computer somehow?
  • Holmarion19
    Holmarion19
    ✭✭✭
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Launcher is running fine.
    Edited by Holmarion19 on June 26, 2024 9:12PM
  • AnduinTryggva
    AnduinTryggva
    ✭✭✭✭✭
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Lanucher is running fine.

    Right! That was the name of the heuristic virus I got shown. Thanks!

    As far as I understand a heuristic virus could just be a program that shows some behavior identified to be typical for a virus whether it is really a virus or a harmless program that has some behavior that could be taken as a virus activity.

    Still like to know if I should be worried or not.
  • Tornaad
    Tornaad
    ✭✭✭✭✭
    I had the same thing happen to me, using Norton.

    Same. It got successfully installed either way.
  • ZOS_Kevin
    ZOS_Kevin
    Community Manager
    If anyone who got a Norton or other antivirus flag want to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.
    Community Manager for ZeniMax Online Studio and Elder Scrolls OnlineDev Tracker | Service Alerts | ESO Twitter
    Staff Post
  • WolfStark1
    WolfStark1
    ✭✭
    I had a similar issue today after opening the launcher, it was downloading and updating then I got a Pop Up Notification from HP (my computer) asking to allow some weird name to make changes to my C drive. I selected NO because ummm NO, and closed the launcher...then I came here to see if there was any issues and found this thread. Could someone let me know what I should do. I have not attempted to log in yet but will be here in a moment and will see if the game loads. The few years ive been playing Ive never had an updated try to make changes to my hard drive on my PC, so this needs to be looked into!

    WolfStark1
  • WolfStark1
    WolfStark1
    ✭✭
    Ok so Everytime I open the launcher is gives me this pop up, to allow whatever this is to make changes to my computer. I have never seen this, nor should it be happening. I hit NO and the pop up closed. Then I was left with the launcher and able to hit play and log in with no issue. Please let me know if this is being corrected or what I need to do on my end to make this stop. Thanks!
    0y9eqdcs3ada.jpg

    WolfStark1
  • belial5221_ESO
    belial5221_ESO
    ✭✭✭✭✭
    That's a normal program needed.I keep mine updated,so have a newer version on this PC,but need it on another no issues.

    Also,heuristics is a generic scan for something that might have even a tiny bit of code similar to virus,and why so many false positives with heuritics on.
  • Sepultura_13
    Sepultura_13
    ✭✭✭✭
    A popup message told me than an update of the launcher program is to be installed and I should click on close. I did that and the update was downloaded. At that moment my antivirus popped up a message that it has discovered a heuristic virus and removed it.

    It pointed to my user folder on C and a very long file name with random numbers and letters.
    I had the same thing happen to me, using Norton.

    Ditto.
    ZOS_Kevin wrote: »
    If anyone who got a Norton or other antivirus flag want to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.

    In the process of pulling the logs as I type this. I hope it isn't anything that will cause issues in the future. I'd also noticed that in the past few days, before today's update, the launcher would open but nothing would populate - just a blank launcher. I'd have to close it from the toolbar and re-open it, then it seemed to take a very long time for the 'Play' button to become functional.
  • Aurielle
    Aurielle
    ✭✭✭✭✭
    ✭✭✭✭✭
    WolfStark1 wrote: »
    I had a similar issue today after opening the launcher, it was downloading and updating then I got a Pop Up Notification from HP (my computer) asking to allow some weird name to make changes to my C drive. I selected NO because ummm NO, and closed the launcher...then I came here to see if there was any issues and found this thread. Could someone let me know what I should do. I have not attempted to log in yet but will be here in a moment and will see if the game loads. The few years ive been playing Ive never had an updated try to make changes to my hard drive on my PC, so this needs to be looked into!

    WolfStark1

    I had the same thing. I selected no, as there was no update today as far as I know. I’m able to get into the game just fine after selecting no.
  • WolfStark1
    WolfStark1
    ✭✭
    That's a normal program needed.I keep mine updated,so have a newer version on this PC,but need it on another no issues.

    Also,heuristics is a generic scan for something that might have even a tiny bit of code similar to virus,and why so many false positives with heuritics on.

    I was curious because Ive never seen this pop up.....EVER, Im far from a computer genius but I had no clue what this was LOL and Ive been playing eso for 2 years now and never had this come up until todays launcher loaded.
  • spiderlair88646
    I also got the malware notification from norton immediately after the launcher update
  • darvaria
    darvaria
    ✭✭✭✭✭
    I'm using AVG and got the same. I just clicked no and update continued. Last time, I clicked yes and got something that changed my search or something.
  • BretonMage
    BretonMage
    ✭✭✭✭✭
    WolfStark1 wrote: »
    Ok so Everytime I open the launcher is gives me this pop up, to allow whatever this is to make changes to my computer. I have never seen this, nor should it be happening. I hit NO and the pop up closed. Then I was left with the launcher and able to hit play and log in with no issue. Please let me know if this is being corrected or what I need to do on my end to make this stop. Thanks!
    0y9eqdcs3ada.jpg

    WolfStark1

    I got this as well.

    On quitting the game, I got an error message that the game needed to be repaired. So I did a repair, but it happened again. Very odd.
  • Poncho28
    Poncho28
    ✭✭✭
    @ZOS_Kevin sent you an anti-malware dump from my PC.

    The C++ Redistributable is carrying a load file that Norton is associating with what they call a Hueristic virus, "Heur.AdvML.B".

    If y'all are gathering metrics on us, that's fine, but I have to ask if that's within the EULA you have us acknowledge. If it isn't, is there anyway we can get a launcher to debloat some of this added overhead?

    Thanks
    Poncho-Dovahkiin (Defilers of Molag Bal, Lost Souls of Tamriel, Rebellious Spirit, Greatest of all Time)
  • JoeCapricorn
    JoeCapricorn
    ✭✭✭✭✭
    I did some digging and I don't think it's that. Heur.AdvML.B seems to be detected as a false positive on relatively simple Visual C++ programs

    https://learn.microsoft.com/en-us/answers/questions/614202/heur-advml-b-virus-detected-by-norton-on-a-newly-c

    I doubt there's anything nefarious going on.
    I simp for vampire lords and Glemyos Wildhorn
  • SilverBride
    SilverBride
    ✭✭✭✭✭
    ✭✭✭✭✭
    I got the same pop-up when opening the launcher today. The first time I chose "no" and the news section said it was unable to show any news, however the "play" button did activate. I shut down the launcher and opened it again and got the same pop-up. I showed it to my friend and he chose "yes" and the launcher loaded normally.

    He didn't think this was a virus and I hope he was right.
    Edited by SilverBride on June 27, 2024 2:04AM
    PCNA
  • OldStygian
    OldStygian
    ✭✭✭✭
    Visual C++ is software framework that other windows apps then use. Similar to .net or java etc. If an app is written using a more recent version than what you have installed it needs to be upgraded. ZOS have included it in the installation package for this reason. This not particularly unusual.

    Obviously getting a heuristic virus ping is unusual but of all the virus detection methods, heuristics are, generally speaking, the most common to give false positives.

    Treat this with the level of concern you're comfortable with. If you're unsure, give ZOS some time to address it and post their own advice.
  • AnduinTryggva
    AnduinTryggva
    ✭✭✭✭✭
    @Kevin, I've sent you the logs from yesterday via message. One is rather large I fear. I hope it is ok.
  • Xychid
    Xychid
    Soul Shriven
    ZOS_Kevin wrote: »
    If anyone who got a Norton or other antivirus flag want to send log reports via DM, that would help as we are trying to narrow down the issue here. This link will show you how to pull the logs.

    Hi. How do I send a DM to you? I had the same issue and norton seems to have solved it. But I copied my host.developer log file to send but uncertain best channel to sen it through.
  • ShadowPaladin
    ShadowPaladin
    ✭✭✭✭
    I use Norton too.

    It blocked Heur.AdvMl.B when updating the launcher.

    Norton tells me that the threat has been removed. The Launcher is running fine.


    This was the same for me yesterday.

    So far I haven't tried to log into the game today. But I guess it will work.
  • moo_2021
    moo_2021
    ✭✭✭✭✭
    You can trigger the Heur.AdvML.B virus detection by writing something as simple as Hello World: https://learn.microsoft.com/en-us/answers/questions/614202/heur-advml-b-virus-detected-by-norton-on-a-newly-c


    Heuristic virus checks are just useless because they don't really know what programs are doing. It's like identifying criminals by the combination of their clothes colors.
    Edited by moo_2021 on June 27, 2024 11:33AM
  • StihlReign
    StihlReign
    ✭✭✭✭
    Norton has the following which may be useful to the development team in isolating the files available to the heuristic virus check in the final package.

    Heur.AdvML.B Detected in C++ Boost Library & Visual Studio

    There has been a lot of commentary about Heur.AdvMl.B involving game launchers going back to 2016, a lot of it specific to Norton and Symantec, but now common to many of the larger antivirus software programs available.
    Heuristic is a very questionable technique that has been designed to detect a dangerous file before it has proven to be dangerous. It's a way to advertise the antivirus being able to discover threats "before they are been discovered", with the only result that it will end up blocking most legit files. It's likely the "dangerous" behavior that triggered the flag is the very act of *downloading* something, which is obviously everything that an updater is supposed to do.
    SOURCE
    "O divine art of subtlety and secrecy!

    Through you we learn to be invisible, through you inaudible; and hence we can hold the enemy’s fate in our hands.” – Ch. VI, v. 8-9. — Master Sun Tzu

    "You haven't beaten me you've sacrificed sure footing for a killing stroke." — Ra's al Ghul

    He who is prudent and lies in wait for an enemy who is not, will be victorious — Master Sun Tzu

    LoS
  • GMdoghunter
    GMdoghunter
    ✭✭✭
    Same thign for me as well i got the Heuristic Virus Alert after running the eso launcher yesterday as well,I am using ESET ultimate security.
    With so many people here having Heuristic alerts it just makes you wonder what is going on.
    This surely Can't be a False Positive with so many people experiencing the same type of activity.
    Dissapointing to say the least.
  • TairenSoul
    TairenSoul
    ✭✭✭
    I got a message saying there were corrupted files and I should remove them. After doing so now It hard crash immediately. It suggested I run a repair, which I'm doing now. It says the latest game launcher has failed.

    UPDATE: Ran from Launcher application as administrator and it worked!
    Edited by TairenSoul on June 27, 2024 2:18PM
    Heavy is the crown.
Sign In or Register to comment.