X3ap_bonus_pack_5.1.0.0(1).exe is a threat?


greypanther
Posts: 1135
Joined: Wed, 24. Nov 10, 21:54
x3ap


Post by greypanther » Sun, 26. Nov 17, 16:13

The wonderful Norton has just told me the above file is a threat and has been removed, based on: threat name: ws reputation-1. WTF is going on? No I am not going to remove Norton at the moment either! :P
It seems another threat is from: Heur.Adv ML.B, which looking online is claimed to be a trojan malware? True or a steaming pile of? It has they say been on my PC for nearly six years! Malwarebytes spotted nothing during those six years... that is it seems from the X2TC bonus package and has been here even longer.

Norton has removed both bonus packages, the X3TC one to quarantine.
Last edited by greypanther on Sun, 26. Nov 17, 16:47, edited 1 time in total.
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

red assassin
Posts: 635
Joined: Sun, 15. Feb 04, 16:11
x3

Post by red assassin » Sun, 26. Nov 17, 16:38

It's almost certainly a false positive - "ws reputation-1" is Norton's file reputation based detection (i.e., how much have we seen this before etc) and Heur.Adv ML.B is a machine learning based heuristic.

You can upload it to https://www.virustotal.com/ to run it past a large set of different antiviruses if you want to get more confidence that it's a false positive.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

matthewfarmery
Posts: 1092
Joined: Fri, 9. Apr 04, 17:49
x3

Post by matthewfarmery » Sun, 26. Nov 17, 16:40

Blame Norton, that thing seems to pick up a heap of false positives. It might get good reviews, but it has a pretty bad detection engine. The Steam forums have a few of such threads, and the blame is with Norton.

Until Norton gets better in this area, I wouldn't touch it with a ten foot bargepole.
http://gamerschoiceuk.com/ a multi game help site that offers help for X2, WoW, guild wars and many others

greypanther
Posts: 1135
Joined: Wed, 24. Nov 10, 21:54
x3ap

Post by greypanther » Sun, 26. Nov 17, 16:40

Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

mrbadger
Posts: 5650
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Sun, 26. Nov 17, 17:06

Unfortunately, Third party Antivirus software is, for the most part, a waste of time these days.

Little more than a system resource hog that wastes said resources needlessly and costs money for no reason.

A legally obtained operating system, kept up to date, that is free of dodgy software (pretty easy to do these days) is more or less all you need. Windows comes with its own Antivirus toolset which works pretty well at keeping the system safe and doesn't impact system runtime speed. And don't open email attachments that are executable. But Google again do a pretty good job of screening these.

A backup system for essential files to protect those in case your system really does get hit by something bad is usually sufficient. I haven't used antivirus for I think ten years. I got hit by one virus from a USB stick on Windows about 7 years back, and I downloaded a tool to deal with that at the time.

Or you could drink the Kool-Aid and slow your system down constantly to protect against a threat that might possibly hit you once every few years, if ever (on a properly set up Windows system).

Also, Norton is one of the very worst offenders in being a system resource hog.
If an injury has to be done to a man it should be so severe that his vengeance need not be feared. ... Niccolò Machiavelli

red assassin
Posts: 635
Joined: Sun, 15. Feb 04, 16:11
x3

Post by red assassin » Sun, 26. Nov 17, 18:31

greypanther wrote:Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?

As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.


As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way
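
The check suggested in both of red assassin's posts above (run the file past many engines on VirusTotal and see whether anything other than a reputation or heuristic label flags it), as an added example that is not part of the thread or any participant's code. It assumes per-engine results shaped like VirusTotal's (a `category` and a `result` label per engine); the function names, token list, 10% threshold and sample data are constructed for illustration.

```python
import hashlib
import io
import re

# Assumption: tokens that mark a heuristic, ML or reputation verdict rather
# than a signature naming a specific malware family.
GENERIC_TOKENS = {"heur", "heuristic", "generic", "gen", "reputation", "ml", "suspicious"}


def sha256_of(stream, chunk_size=65536):
    """Hash a binary stream in chunks; the digest can be searched on VirusTotal."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def is_generic(label):
    """True if the detection label looks heuristic or reputation based."""
    tokens = set(re.split(r"[^a-z0-9]+", label.lower()))
    return bool(tokens & GENERIC_TOKENS)


def triage(results, max_generic_ratio=0.1):
    """Summarise per-engine results ({engine: {"category", "result"}})."""
    flagged = {name: r["result"] or "" for name, r in results.items()
               if r["category"] in ("malicious", "suspicious")}
    # Engines whose label names something specific (or gives no label at all).
    named = sorted(n for n, label in flagged.items() if not is_generic(label))
    ratio = len(flagged) / len(results) if results else 0.0
    if not flagged:
        verdict = "no detections"
    elif named or ratio > max_generic_ratio:
        verdict = "investigate"
    else:
        verdict = "likely false positive"
    return {"flagged": len(flagged), "total": len(results),
            "named": named, "verdict": verdict}


# Constructed sample: 20 engines with no detection plus the two labels
# quoted in the thread. Engine names are placeholders.
SAMPLE_RESULTS = {f"engine-{i:02d}": {"category": "undetected", "result": None}
                  for i in range(20)}
SAMPLE_RESULTS["engine-20"] = {"category": "malicious", "result": "ws reputation-1"}
SAMPLE_RESULTS["engine-21"] = {"category": "malicious", "result": "Heur.Adv ML.B"}

if __name__ == "__main__":
    print(sha256_of(io.BytesIO(b"constructed sample bytes")))
    print(triage(SAMPLE_RESULTS))
```

Searching VirusTotal for the SHA-256 digest returns an existing report, if one exists, without uploading the file.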

Morkonan
Posts: 1907
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Sun, 26. Nov 17, 19:38

The most important anti-virus is the user's own wetware.

In this case, greypanther is doing the right thing, attempting to ensure the security of his system by closely monitoring what files are allowed to install things and by using an antivirus program.

In the great scheme of things, that's good. In fact, compared to some, it's outstanding and excellent behavior. Questioning everything, even a software package obtained from a known website run by a known company the user has a long positive association with - Exemplary security practice!

That being said, Norton, once a "gold standard" in the popular anti-virus market, doesn't have the reputation it used to. Back in the day when browsers were literal sieves and a person's OS was practically as naked as a newborn baby, it was a lifesaver. Today, unfortunately, it and other large packages tend to cause more problems than they help to prevent.

Anyway, good for you, greypanther, you're doing it right. Unfortunately, it's likely that Norton isn't. It's not really doing things "wrong", it's likely just a case of mistaken identity.

Virustotal is a great way to check individual files, by the way. If you truly still have concerns, use it. It's easy, just a quick upload and let it do its stuff.

I'm a fan of running self-contained, third-party, non-resident, anti-virus software in conjunction with the standard resident protection from Windows Defender and using good "safe-surfing" practices and basic OS stewardship. (Malwarebytes is a favorite, free, anti-malware prog.)

A note: One thing that seems to be pretty common is that when a user's AV program lights up and gives them a warning, it tends to reinforce the idea that "it's working." It doesn't matter if it's a false positive or just a normal system warning - Every instance of it informing the user it is working to protect them, whether it's a legitimate warning or not, reinforces that idea. The more complex fiddly bits are in it, the more complex and thus "robust" it seems to the user, no matter why those fiddly bits are there. IOW - False positives reinforce an idea of competency. Imagine that!


PS- A related question: I used to have either a batch file or list of switch commands that would prevent Windows from forcing "Sleep Mode" during scans with Defender and other third-party AV apps. I can't find it and can't seem to locate the Microsoft thread I originally copied it from. This is a known issue that hasn't been addressed by Microsoft and it's annoying, especially when one wishes to scan drives with bajillions of files on them... Can anyone recommend a workaround so I don't have to use system-settings to prevent Sleep modes during unattended, long, scans?

Alan Phipps
Moderator (English)
Posts: 18724
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Sun, 26. Nov 17, 19:56

@ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)

In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.

Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks. :wink:
A dog has a master; a cat has domestic staff.

The Q
Pancake Award Winner 2017
Posts: 351
Joined: Fri, 20. Nov 09, 22:02

Post by The Q » Sun, 26. Nov 17, 20:05

X3ap_bonus_pack_5.1.0.0(1).exe is a threat?
You know what the real threat is? X2! :p





(I'm kind of disappointed that no one has made that joke yet.)
Morkonan, Emperor of the Unaffiliated Territories of the Principality of OFF-TOPIC, wrote:I have come to answer your questions! The answers are "Yes" and "Probably" as well as "No" and "Maybe", but I'm not sure in which order they should be given.
xkcd: Duty calls

Morkonan
Posts: 1907
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Sun, 26. Nov 17, 20:34

The Q wrote:(I'm kind of disappointed that no one has made that joke yet.)
Image

The Q
Pancake Award Winner 2017
Posts: 351
Joined: Fri, 20. Nov 09, 22:02

Post by The Q » Sun, 26. Nov 17, 20:36

Perfect use of the meme. :D :thumb_up:
Morkonan, Emperor of the Unaffiliated Territories of the Principality of OFF-TOPIC, wrote:I have come to answer your questions! The answers are "Yes" and "Probably" as well as "No" and "Maybe", but I'm not sure in which order they should be given.
xkcd: Duty calls

matthewfarmery
Posts: 1092
Joined: Fri, 9. Apr 04, 17:49
x3

Post by matthewfarmery » Sun, 26. Nov 17, 21:24

red assassin wrote:
greypanther wrote:Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.


As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.

I wouldn't put much faith with Windows Defender

http://uk.pcmag.com/windows-defender-be ... ity-center

Worth a read. Sure it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also in AV testing labs, Defender doesn't always get good scores.
http://gamerschoiceuk.com/ a multi game help site that offers help for X2, WoW, guild wars and many others

red assassin
Posts: 635
Joined: Sun, 15. Feb 04, 16:11
x3

Post by red assassin » Sun, 26. Nov 17, 22:01

matthewfarmery wrote:I wouldn't put much faith with windows defender

http://uk.pcmag.com/windows-defender-be ... ity-center

Worth a read. Sure it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also in AV testing labs, Defender doesn't always get good scores.

This sort of test of an antivirus product is an outdated holdover from the early 2000s, and hasn't reflected the state of PC security since Microsoft started taking security seriously (woefully late, it has to be said). Indeed, even if AV was a good idea in the first place, they're actively harmful to the security of the average consumer AV product, because they require that they maintain detection for an archive of historical threats irrelevant to a modern computer.

Here's the thing: in the great big list of "actions you should take to not get pwned", "use an AV product" is so far down as to not really matter very much any more. The important items are stuff like keep your browser up to date, use Windows 10 (or the latest version of your OS of choice) and keep that up to date, use an email service with good filtering on it, and don't do dumb stuff like entering your credentials anywhere, enabling macros in a document, or opening executable files unless you're absolutely, 100% sure about the source.

AV's only real purpose on a modern system is to try and catch cases of the user being actively dumb, given that modern security measures have pretty much killed off drive-by exploitation, and the thing is it's not even very good at that. For any given new threat, the author of said threat is going to have run it past a big set of common AVs and tweaked it until none of them catch it. Sure, it'll get detected pretty quickly after they email it to ten million people, but it's a bit late by then. The difference between a "good" AV and a "bad" AV at that point is mostly about how quickly the threat gets flagged to them and how quickly they get updates rolled out after that, but either way it's still too late to matter. (And in the case of Windows Defender, Microsoft are getting better than anyone at this sort of thing, given the scale of the telemetry they get from every Windows deployment.)

Given this derisory position in the grand hierarchy of security measures, the privacy issues, and the fact that AV itself can be a security risk in itself (there have been a number of recent issues with serious security flaws found in AV products!), I argue that using a third party antivirus is worse than using Windows Defender. We've all been conditioned by two decades of unforgivably lax approaches to security by major OS vendors that antivirus is required, so now people, like the review above, automatically ask "which AV should I use" and not the better question of "what security steps should I take".
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

greypanther
Posts: 1135
Joined: Wed, 24. Nov 10, 21:54
x3ap

Post by greypanther » Sun, 26. Nov 17, 22:07

Alan Phipps wrote:@ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)

In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.

Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks. :wink:

Yes I have checked and tweaked a little bit, thanks, Norton removed the perceived threats without asking too! I too did not notice much difference between no Norton, ( before installed, ) and Norton installed, no apparent slowdowns, though I guess that could just be me not knowing what to look out for. That is the core of the problem for me though, I lack much in the way of self confidence anymore, am always doubting myself.

You know the worst thing Alan? I will download the bonus pack again, but I have forgotten how to specify where the download will go, which is a minor problem as I have three versions of AP installed, each slightly different. The download is automatic from the exe., yes?

I agree with Matthew regarding Defender as I have read too many articles explaining how inadequate it is, over several years. I am also running Windows 7, not 10, so will continue to avoid, even if it improved now. I will stick with Cool Aid as mrbadger says, at least until it comes to renew again. :roll:

Edit: Virustotal is bookmarked now too, thank you.

Edit2: Touching wood here, but I have never had a virus by the way, so even my ill educated, perhaps paranoid ways, cannot be that bad... :roll:
( Privacy is nothing but an illusion by the way! :P )
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

felter
Posts: 108
Joined: Sat, 9. Nov 02, 19:13
xr

Post by felter » Mon, 27. Nov 17, 04:01

I had Norton once upon a time on my computer, one day the computer slowed down to a near standstill, I used Norton to do a scan and nothing, it was perfectly clean. I used another AV program and it found a virus, but this thing had been left to go on a rampage throughout my computer, there were over 1000 instances of it but Norton couldn't even find one of them. Wouldn't be so bad if it had been a new virus, but this one had been around for several years and everyone apart from Norton knew about it. It was so bad I had to do a complete system wipe and re-install of the OS, it was the only way to remove the virus and of course Norton.

On another note. I did a scan the other month there and my AV found a virus, my own pet virus I've had it for some time now. It's a good little virus, doesn't bother anyone but Avira finally noticed it and classed it as a nasty virus, which is pretty impressive as it will not be registered on any kind of database and has never been released as a virus onto the general public and wouldn't do anyone any harm even if it was. Mind you it might be the key login part of it that Avira didn't like, maybe there is something in its programming, makes me wonder if Norton would notice it.
I'm not saying he is a Russian asset, I'm saying he sat on his asset when he was supposed to be confronting Putin.
#AlertTheDaycareStaff #denturedonald
