X3ap_bonus_pack_5.1.0.0(1).exe is a threat?
greypanther
Posted: Sun, 26. Nov 17, 16:13

The wonderful Norton has just told me the above file is a threat and has been removed, based on: threat name: ws reputation-1. WTF is going on? No, I am not going to remove Norton at the moment either!
It seems another threat is from: Heur.Adv ML.B, which looking online is claimed to be a trojan malware? True or a steaming pile of? It has, they say, been on my PC for nearly six years! Malwarebytes spotted nothing during those six years... that is, it seems, from the X2TC bonus package and has been here even longer.

Norton has removed both bonus packages, the X3TC one to quarantine.


_________________
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth


Last edited by greypanther on Sun, 26. Nov 17, 16:47; edited 1 time in total

red assassin
Posted: Sun, 26. Nov 17, 16:38

It's almost certainly a false positive - "ws reputation-1" is Norton's file reputation based detection (i.e., how much have we seen this before etc) and Heur.Adv ML.B is a machine learning based heuristic.

You can upload it to https://www.virustotal.com/ to run it past a large set of different antiviruses if you want to get more confidence that it's a false positive.


_________________
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

matthewfarmery
Posted: Sun, 26. Nov 17, 16:40

Blame Norton, that thing seems to pick up a heap of false positives. It might get good reviews, but it has a pretty bad detection engine. The Steam forums have a few such threads, and the blame is with Norton.

Until Norton gets better in this area, I wouldn't touch it with a ten foot bargepole.


_________________
http://gamerschoiceuk.com/ - a multi game help site that offers help for X2, WoW, guild wars and many others

greypanther
Posted: Sun, 26. Nov 17, 16:40

Thank you for that Red.

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?


mrbadger
Posted: Sun, 26. Nov 17, 17:06

Unfortunately, third-party antivirus software is, for the most part, a waste of time these days.

Little more than a system resource hog that wastes said resources needlessly and costs money for no reason.

A legally obtained operating system, kept up to date, that is free of dodgy software (pretty easy to do these days) is more or less all you need. Windows comes with its own Antivirus toolset which works pretty well at keeping the system safe and doesn't impact system runtime speed. And don't open email attachments that are executable. But Google again do a pretty good job of screening these.

A backup system for essential files to protect those in case your system really does get hit by something bad is usually sufficient. I haven't used antivirus for I think ten years. I got hit by one virus from a USB stick on Windows about 7 years back, and I downloaded a tool to deal with that at the time.

Or you could drink the Kool-Aid and slow your system down constantly to protect against a threat that might possibly hit you once every few years, if ever (on a properly set up Windows system).

Also, Norton is one of the very worst offenders in being a system resource hog.


_________________
If an injury has to be done to a man it should be so severe that his vengeance need not be feared. ... Niccolò Machiavelli

red assassin
Posted: Sun, 26. Nov 17, 18:31

greypanther wrote:
> Thank you for that Red.
>
> What about the Heur.Adv ML.B it claims to have detected on the 5th of November?

As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.

As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.


Morkonan
Posted: Sun, 26. Nov 17, 19:38

The most important anti-virus is the user's own wetware.

In this case, greypanther is doing the right thing, attempting to ensure the security of his system by closely monitoring what files are allowed to install things and by using an antivirus program.

In the great scheme of things, that's good. In fact, compared to some, it's outstanding and excellent behavior. Questioning everything, even a software package obtained from a known website run by a known company the user has a long positive association with - Exemplary security practice!

That being said, Norton, once a "gold standard" in the popular anti-virus market, doesn't have the reputation it used to. Back in the day when browsers were literal sieves and a person's OS was practically as naked as a newborn baby, it was a lifesaver. Today, unfortunately, it and other large packages tend to cause more problems than they help to prevent.

Anyway, good for you, greypanther, you're doing it right. Unfortunately, it's likely that Norton isn't. It's not really doing things "wrong", it's likely just a case of mistaken identity.

Virustotal is a great way to check individual files, by the way. If you truly still have concerns, use it. It's easy, just a quick upload and let it do its stuff.

I'm a fan of running self-contained, third-party, non-resident, anti-virus software in conjunction with the standard resident protection from Windows Defender and using good "safe-surfing" practices and basic OS stewardship. (Malwarebytes is a favorite, free, anti-malware prog.)

A note: One thing that seems to be pretty common is that when a user's AV program lights up and gives them a warning, it tends to reinforce the idea that "it's working." It doesn't matter if it's a false positive or just a normal system warning - Every instance of it informing the user it is working to protect them, whether it's a legitimate warning or not, reinforces that idea. The more complex fiddly bits are in it, the more complex and thus "robust" it seems to the user, no matter why those fiddly bits are there. IOW - False positives reinforce an idea of competency. Imagine that!


PS- A related question: I used to have either a batch file or list of switch commands that would prevent Windows from forcing "Sleep Mode" during scans with Defender and other third-party AV apps. I can't find it and can't seem to locate the Microsoft thread I originally copied it from. This is a known issue that hasn't been addressed by Microsoft and it's annoying, especially when one wishes to scan drives with bajillions of files on them... Can anyone recommend a workaround so I don't have to use system-settings to prevent Sleep modes during unattended, long, scans?

Alan Phipps
Moderator (English)
Posted: Sun, 26. Nov 17, 19:56

@ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)

In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.

Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks.


_________________
A dog has a master; a cat has domestic staff.

The Q
Posted: Sun, 26. Nov 17, 20:05

Quote:
> X3ap_bonus_pack_5.1.0.0(1).exe is a threat?

You know what the real threat is? X2!

(I'm kind of disappointed that no one has made that joke yet.)


_________________
Morkonan, Emperor of the Unaffiliated Territories of the Principality of OFF-TOPIC, wrote:
I have come to answer your questions! The answers are "Yes" and "Probably" as well as "No" and "Maybe", but I'm not sure in which order they should be given.

xkcd: Duty calls

Morkonan
Posted: Sun, 26. Nov 17, 20:34

The Q wrote:
> (I'm kind of disappointed that no one has made that joke yet.)

The Q
Posted: Sun, 26. Nov 17, 20:36

Perfect use of the meme.


matthewfarmery
Posted: Sun, 26. Nov 17, 21:24

red assassin wrote:
> greypanther wrote:
> > Thank you for that Red.
> >
> > What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
>
> As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.
>
> As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.

I wouldn't put much faith in Windows Defender.

http://uk.pcmag.com/windows-defender-beta-2/25697/review/microsoft-windows-defender-security-center

Worth a read. Sure, it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also, in AV testing labs, Defender doesn't always get good scores.


red assassin
Posted: Sun, 26. Nov 17, 22:01

matthewfarmery wrote:
> I wouldn't put much faith in Windows Defender.
>
> http://uk.pcmag.com/windows-defender-beta-2/25697/review/microsoft-windows-defender-security-center
>
> Worth a read. Sure, it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also, in AV testing labs, Defender doesn't always get good scores.

This sort of test of an antivirus product is an outdated holdover from the early 2000s, and hasn't reflected the state of PC security since Microsoft started taking security seriously (woefully late, it has to be said). Indeed, even if AV was a good idea in the first place, they're actively harmful to the security of the average consumer AV product, because they require that they maintain detection for an archive of historical threats irrelevant to a modern computer.

Here's the thing: in the great big list of "actions you should take to not get pwned", "use an AV product" is so far down as to not really matter very much any more. The important items are stuff like keep your browser up to date, use Windows 10 (or the latest version of your OS of choice) and keep that up to date, use an email service with good filtering on it, and don't do dumb stuff like entering your credentials anywhere, enabling macros in a document, or opening executable files unless you're absolutely, 100% sure about the source.

AV's only real purpose on a modern system is to try and catch cases of the user being actively dumb, given that modern security measures have pretty much killed off drive-by exploitation, and the thing is it's not even very good at that. For any given new threat, the author of said threat is going to have run it past a big set of common AVs and tweaked it until none of them catch it. Sure, it'll get detected pretty quickly after they email it to ten million people, but it's a bit late by then. The difference between a "good" AV and a "bad" AV at that point is mostly about how quickly the threat gets flagged to them and how quickly they get updates rolled out after that, but either way it's still too late to matter. (And in the case of Windows Defender, Microsoft are getting better than anyone at this sort of thing, given the scale of the telemetry they get from every Windows deployment.)

Given this derisory position in the grand hierarchy of security measures, the privacy issues, and the fact that AV itself can be a security risk in itself (there have been a number of recent issues with serious security flaws found in AV products!), I argue that using a third party antivirus is worse than using Windows Defender. We've all been conditioned by two decades of unforgivably lax approaches to security by major OS vendors that antivirus is required, so now people, like the review above, automatically ask "which AV should I use" and not the better question of "what security steps should I take".


greypanther
Posted: Sun, 26. Nov 17, 22:07

Alan Phipps wrote:
> @ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)
>
> In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.
>
> Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks.

Yes, I have checked and tweaked a little bit, thanks. Norton removed the perceived threats without asking too! I too did not notice much difference between no Norton (before installed) and Norton installed, no apparent slowdowns, though I guess that could just be me not knowing what to look out for. That is the core of the problem for me though, I lack much in the way of self-confidence anymore, am always doubting myself.

You know the worst thing Alan? I will download the bonus pack again, but I have forgotten how to specify where the download will go, which is a minor problem as I have three versions of AP installed, each slightly different. The download is automatic from the exe., yes?

I agree with Matthew regarding Defender as I have read too many articles explaining how inadequate it is, over several years. I am also running Windows 7, not 10, so will continue to avoid, even if it improved now. I will stick with Cool Aid as mrbadger says, at least until it comes to renew again.

Edit: Virustotal is bookmarked now too, thank you.

Edit2: Touching wood here, but I have never had a virus by the way, so even my ill-educated, perhaps paranoid ways, cannot be that bad...
(Privacy is nothing but an illusion by the way!)


felter
Posted: Mon, 27. Nov 17, 04:01

I had Norton once upon a time on my computer. One day the computer slowed down to a near standstill, I used Norton to do a scan and nothing, it was perfectly clean. I used another AV program and it found a virus, but this thing had been left to go on a rampage throughout my computer, there were over 1000 instances of it but Norton couldn't even find one of them. Wouldn't be so bad if it had been a new virus, but this one had been around for several years and everyone apart from Norton knew about it. It was so bad I had to do a complete system wipe and re-install of the OS, it was the only way to remove the virus and of course Norton.

On another note. I did a scan the other month there and my AV found a virus, my own pet virus I've had for some time now. It's a good little virus, doesn't bother anyone but Avira finally noticed it and classed it as a nasty virus, which is pretty impressive as it will not be registered on any kind of database and has never been released as a virus onto the general public and wouldn't do anyone any harm even if it was. Mind you it might be the key login part of it that Avira didn't like, maybe there is something in its programming, makes me wonder if Norton would notice it.


_________________
I'm not saying he is a Russian asset, I'm saying he sat on his asset when he was supposed to be confronting Putin.
#AlertTheDaycareStaff #denturedonald