Forged Alliance Forever

Re: Downed the client from the official page - Malware detec

2020-02-05T14:05:54+02:00

Cuddles wrote:
Get yourself a proper AV that allows analysis like this
2020-02-05_13-15-50.jpg

what antivirus is this?

Statistics: Posted by ZLO_RD — 05 Feb 2020, 14:05

Re: Downed the client from the official page - Malware detec

2020-02-05T13:19:09+02:00

Get yourself a proper AV that allows analysis like this
2020-02-05_13-15-50.jpg

Statistics: Posted by Cuddles — 05 Feb 2020, 13:19

Re: Downed the client from the official page - Malware detec

2020-02-03T19:40:34+02:00

virustotal result for the current installer
https://www.virustotal.com/gui/file/ba6 ... /detection

result for the legacy client installer
https://www.virustotal.com/gui/file/58c ... /detection

the smartscreen stuff is something we may not be able to fix in general

if someone knows how to do so then feel free to post about it (as long as we don't have to throw money at M$ in the process)

Statistics: Posted by PhilipJFry — 03 Feb 2020, 19:40

Re: Downed the client from the official page - Malware detec

2020-02-02T19:01:46+02:00

A bit of googling for "IDP.generic" and ignoring swathes of autogenerated "help" sites yield a whole bunch of false positives, many for videogame launchers, apparently caused by some behaviour check. So, the antivirus didn't match the client to any specific malicious code, it just decided it's behaving suspiciously. There's a lot of mundane stuff that the client needs to do (connect via TCP to the server, irc, query FAF API, download and run game executables, connect to other players) that an antivirus with limited information can consider malicious. Did it report what specific behaviour caused the client to be flagged?

A windows AV can't really tell when doing any of these things is something a trusted program does (say, launching a torrent to download a game update), or a malicious one (say, launching a torrent to seed CP). Normally a game publisher can arrange for his stuff to get whitelisted, but FAF is pretty small. As Geo noted, it's a matter of whether you trust your software's provider. If you don't trust the client installer, you can choose to download its sources, check and build them yourself.

Statistics: Posted by Wesmania — 02 Feb 2020, 19:01

Re: Downed the client from the official page - Malware detec

2020-02-02T17:15:01+02:00

Still it's a problem, a lot of people will have antiviruses on windows and some have no idea what is false-positive & would be scared, it is easier to change packer options for setup*.exe.

Statistics: Posted by techmind_ — 02 Feb 2020, 17:15

Re: Downed the client from the official page - Malware detec

2020-02-02T17:06:22+02:00

There is no virus. It's a false positive. Simple as that.

And yes antiviruses are typically garbage. As long as you don't go around porn sites clicking "There's a hot single in your area" ads, windows defender is all you need

Statistics: Posted by TheKoopa — 02 Feb 2020, 17:06

Re: Downed the client from the official page - Malware detec

2020-02-02T16:41:52+02:00

psycoakira wrote:
I run the installer as admin

don't.

never do that.

run by double-clicking it, the when the configuration steps are over and it prepares to write to disk and asks windows to for elevated privileges allow that.

Statistics: Posted by tatsu — 02 Feb 2020, 16:41

Re: Downed the client from the official page - Malware detec

2020-02-02T15:08:29+02:00

even if you run the game from within the installer it won't run with admin perms

the threads you linked are very outdated and not related to the current installer

just because lots of people buy snake oil doesn't mean it makes any sense
if you are too afraid to run an application then just don't I guess and don't do it with admin permissions if you don't know what you're doing

Statistics: Posted by PhilipJFry — 02 Feb 2020, 15:08

Re: Downed the client from the official page - Malware detec

2020-02-02T15:06:46+02:00

You can try old client, it's still operational. I can't guarantee that your antivirus won't find trojan there as well Anyway, both client are 100% safe for your PC and don't contain any malware.

https://github.com/FAForever/client/releases

Also just listen to Geo and don't be so paranoid. You can always grab source code from git and run client using it.

Statistics: Posted by Strogo — 02 Feb 2020, 15:06

Re: Downed the client from the official page - Malware detec

2020-02-02T14:41:50+02:00

Sorry so I try to clarify things up:

I run the installer as admin and then the installer started the client (as admin cause the installer was run as admin).
After the notification by the client to not run as admin i checked the preferences of the exe (not run as client so ok) and restarted the client (not as admin).
SO this part is not part of further discussion since it is not a problem.

When I wanted to start the client my antivir programm (AVAST approx. 435 million users so cant be that shitty, right) immediately stopped the client from running and informed me that it is infested with IDP.generic. So I stopped the client and moved it to container. Tried to uninstall the client through apps & features of system controll but even the uninstaller is infested so I deleted it and run several antivir and malware programs over.

So my problem and question is:
a) Is this the official version of the client
b) if a) yes, why is it containing a trojan?
And no, its not a problem of my antivir. Please see these links:
https://github.com/FAForever/downlords- ... issues/461 - detected a trojan inside the client by BitDefender
https://forum.kaspersky.com/index.php?/ ... as-trojan/ - flagging the client as a trojan by Kaspersky

If this is the official version and it is marked as a trojan - then after 7 years I will simply leave FAForever crying my eyes out.

There is in my opinion no reason whatsoever why the client should be marked or detected as containing trojans by several antivir programs other then .. yeah containing shitty things. ALso because ALL earlier versions of the client I used never had that problem. And all my other software I use doesn't get prompted as malware. And sorry I am not Neo the great hacker or Zero-cool or whatever. I am a normal user. But until now I could do all I wanted and never had a problem.

Please be so kind and ellaborate. Thank you in advance for your time and answer.

Statistics: Posted by psycoakira — 02 Feb 2020, 14:41

Re: Downed the client from the official page - Malware detec

2020-02-02T14:36:45+02:00

If you're running windows you basically get every application by downloading it from the vendors page. So you have to trust the vendor of that software (including windows itself) . If you're unable to do that, you cannot run the software or should switch to an operating system with a central packet repository where each application gets checked before being allowed in.
This is not just about FAF, it's about every app you install on your system.

With FAF, you're actually in luck. We're an open source project and provide the sources of all software we use for free. So if you don't trust the binary download on the website, feel free to go to github.com/FAForever/downlords-faf-client, read the code and build the client from source yourself to ensure you know what exactly you're executing on your machine.

About your antivirus, there is no way an antivirus software will protect you from a malware that it hasn't seen before (if that malware isn't designed in a dumb way) . The only thing your AV software is doing to achieve this is by looking for some patterns in behaviour and quarantining software when it finds those. This is what happened in your case. Sadly this is most of the time a result of non malicious behaviour. Your antivirus is mainly a psychological tool, it will protect you from old, known or cheaply written malware, but othrr than that it's pretty useless. What actually matters is just running software from trusted vendors. (I actually do not run an AV software on most of my setups)

So in the end it boils down to if you trust FAF (and microsoft, and google, and mozilla, and.... basically every software on your computer). If you cannot do that and are also unable to check and build the source code yourself, I'd suggest stopping to use a computer at all.

Statistics: Posted by Geosearchef — 02 Feb 2020, 14:36

Re: Downed the client from the official page - Malware detec

2020-02-02T13:32:10+02:00

Client tells me to not run it as an admin (strange) so i do it again.

I only extra started the installer as admin and dont do it perm.

the client will tell you not to run the client with admin perms cause that may break stuff
the installer doesn't have such a notification because you obviously need admin perms to install an application on your computer

you are using a windows defender feature that will warn you upon installing unknown applications
if you don't want that much protection then change your windows security settings I guess

not sure what you found by using google and if it is related to FAF in any way whatsoever but we don't collect UIDs since we force every user to link their account to steam anyway

so the answer is still the same
don't run the application as admin or you will get a warning regarding doing so

Statistics: Posted by PhilipJFry — 02 Feb 2020, 13:32

Re: Downed the client from the official page - Malware detec

2020-02-02T13:24:53+02:00

Thanks Philip,

so it's exactly like i feared.
Bollocks reasons and the usual: your antivirus is terrible. I found through a quick google search on the top page two other discussions with two other virus programs also detecting this trojan. And no windows is not overprotective.
What happened to the well running old client where you dont needed to use trojans or detected as trojans programs or we are analyzing deep in your pc to generate a unique player id?
I only extra started the installer as admin and dont do it perm.

So please answer a simple question: Is this the state of FAForever now? Is this the officially used client ? Because if it is, I will not find myself in a scenario like: Oh it could be misused by us to do shit on your computer but good news: We won't do it because we are just committed guys for tha game. Will not happen. Would break my heart but that would be it for me and FAForever like forever.
Thanks for your time and I am so hoping to read the answer I hope there will be. (Crossing fingers and praying)

Statistics: Posted by psycoakira — 02 Feb 2020, 13:24

Re: Downed the client from the official page - Malware detec

2020-02-02T13:17:50+02:00

windows is overprotective and your antivirus is terrible

you shouldn't run any application with admin perms anyway so not sure why you'd want to do that

Statistics: Posted by PhilipJFry — 02 Feb 2020, 13:17

Downed the client from the official page - Malware detected!

2020-02-02T13:07:06+02:00

Hi there,

after some pause I decided to download the client again. Checked the side (as usual) FAForever.com and downloaded the client installer dfc_windows-x64_1_1_2.exe run it and my windows stops the installation. I have to extra click to run the installation. Run the installation and try to open the client. Client tells me to not run it as an admin (strange) so i do it again. Avast stops the client because it is INFESTED with IDP.Generic (a trojan). I put inside container and could even not deinstall cause it is also infected with IDP.generic.

What the hell is going on. Somebody pirated the link from the official page? Don't tell me some bollocks reasons why the client needs nowadays to run in a way to be falsly detected as malware or a trojan.

Where can I get the real client pls? The one who will not install malicious software trying to take over my computer?

Thanks for your help!

All the best
Psyco

Statistics: Posted by psycoakira — 02 Feb 2020, 13:07