This forum is archived and read only.Please move to the new forum!

[psycoakira]

Hi there,

after some pause I decided to download the client again. Checked the side (as usual) FAForever.com and downloaded the client installer dfc_windows-x64_1_1_2.exe run it and my windows stops the installation. I have to extra click to run the installation. Run the installation and try to open the client. Client tells me to not run it as an admin (strange) so i do it again. Avast stops the client because it is INFESTED with IDP.Generic (a trojan). I put inside container and could even not deinstall cause it is also infected with IDP.generic.

What the hell is going on. Somebody pirated the link from the official page? Don't tell me some bollocks reasons why the client needs nowadays to run in a way to be falsly detected as malware or a trojan.

Where can I get the real client pls? The one who will not install malicious software trying to take over my computer?

Thanks for your help!

All the best
Psyco

[PhilipJFry]

windows is overprotective and your antivirus is terrible

you shouldn't run any application with admin perms anyway so not sure why you'd want to do that

[psycoakira]

Thanks Philip,

so it's exactly like i feared.
Bollocks reasons and the usual: your antivirus is terrible. I found through a quick google search on the top page two other discussions with two other virus programs also detecting this trojan. And no windows is not overprotective.
What happened to the well running old client where you dont needed to use trojans or detected as trojans programs or we are analyzing deep in your pc to generate a unique player id?
I only extra started the installer as admin and dont do it perm.

So please answer a simple question: Is this the state of FAForever now? Is this the officially used client ? Because if it is, I will not find myself in a scenario like: Oh it could be misused by us to do shit on your computer but good news: We won't do it because we are just committed guys for tha game. Will not happen. Would break my heart but that would be it for me and FAForever like forever.
Thanks for your time and I am so hoping to read the answer I hope there will be. (Crossing fingers and praying)

[PhilipJFry]

Client tells me to not run it as an admin (strange) so i do it again.

I only extra started the installer as admin and dont do it perm.

the client will tell you not to run the client with admin perms cause that may break stuff
the installer doesn't have such a notification because you obviously need admin perms to install an application on your computer

you are using a windows defender feature that will warn you upon installing unknown applications
if you don't want that much protection then change your windows security settings I guess

not sure what you found by using google and if it is related to FAF in any way whatsoever but we don't collect UIDs since we force every user to link their account to steam anyway

so the answer is still the same
don't run the application as admin or you will get a warning regarding doing so

[Geosearchef]

If you're running windows you basically get every application by downloading it from the vendors page. So you have to trust the vendor of that software (including windows itself) . If you're unable to do that, you cannot run the software or should switch to an operating system with a central packet repository where each application gets checked before being allowed in.
This is not just about FAF, it's about every app you install on your system.

With FAF, you're actually in luck. We're an open source project and provide the sources of all software we use for free. So if you don't trust the binary download on the website, feel free to go to github.com/FAForever/downlords-faf-client, read the code and build the client from source yourself to ensure you know what exactly you're executing on your machine.

About your antivirus, there is no way an antivirus software will protect you from a malware that it hasn't seen before (if that malware isn't designed in a dumb way) . The only thing your AV software is doing to achieve this is by looking for some patterns in behaviour and quarantining software when it finds those. This is what happened in your case. Sadly this is most of the time a result of non malicious behaviour. Your antivirus is mainly a psychological tool, it will protect you from old, known or cheaply written malware, but othrr than that it's pretty useless. What actually matters is just running software from trusted vendors. (I actually do not run an AV software on most of my setups)

So in the end it boils down to if you trust FAF (and microsoft, and google, and mozilla, and.... basically every software on your computer). If you cannot do that and are also unable to check and build the source code yourself, I'd suggest stopping to use a computer at all.

[psycoakira]

Sorry so I try to clarify things up:

I run the installer as admin and then the installer started the client (as admin cause the installer was run as admin).
After the notification by the client to not run as admin i checked the preferences of the exe (not run as client so ok) and restarted the client (not as admin).
SO this part is not part of further discussion since it is not a problem.

When I wanted to start the client my antivir programm (AVAST approx. 435 million users so cant be that shitty, right) immediately stopped the client from running and informed me that it is infested with IDP.generic. So I stopped the client and moved it to container. Tried to uninstall the client through apps & features of system controll but even the uninstaller is infested so I deleted it and run several antivir and malware programs over.

So my problem and question is:
a) Is this the official version of the client
b) if a) yes, why is it containing a trojan?
And no, its not a problem of my antivir. Please see these links:
https://github.com/FAForever/downlords- ... issues/461 - detected a trojan inside the client by BitDefender
https://forum.kaspersky.com/index.php?/ ... as-trojan/ - flagging the client as a trojan by Kaspersky

If this is the official version and it is marked as a trojan - then after 7 years I will simply leave FAForever crying my eyes out.

There is in my opinion no reason whatsoever why the client should be marked or detected as containing trojans by several antivir programs other then .. yeah containing shitty things. ALso because ALL earlier versions of the client I used never had that problem. And all my other software I use doesn't get prompted as malware. And sorry I am not Neo the great hacker or Zero-cool or whatever. I am a normal user. But until now I could do all I wanted and never had a problem.

Please be so kind and ellaborate. Thank you in advance for your time and answer.

[Strogo]

You can try old client, it's still operational. I can't guarantee that your antivirus won't find trojan there as well Anyway, both client are 100% safe for your PC and don't contain any malware.

https://github.com/FAForever/client/releases

Also just listen to Geo and don't be so paranoid. You can always grab source code from git and run client using it.

[PhilipJFry]

even if you run the game from within the installer it won't run with admin perms

the threads you linked are very outdated and not related to the current installer

just because lots of people buy snake oil doesn't mean it makes any sense
if you are too afraid to run an application then just don't I guess and don't do it with admin permissions if you don't know what you're doing

[tatsu]

I run the installer as admin

don't.

never do that.

run by double-clicking it, the when the configuration steps are over and it prepares to write to disk and asks windows to for elevated privileges allow that.

[TheKoopa]

There is no virus. It's a false positive. Simple as that.

And yes antiviruses are typically garbage. As long as you don't go around porn sites clicking "There's a hot single in your area" ads, windows defender is all you need