Author Topic: Scripting Engine Has Been Modified SOLVED (Read 12058 times)

iaincmac · « **Reply #15 on:** December 19, 2015, 04:17:19 pm »

Centrefix: you are not alone I am also suffering the same problem and have attempted the following.

Note my certificate is valid for the exe . version is 3187, I am running windows 10, and attach the evidence of a valid certificate

Following reading the thread:
1. Before anything I scanned my whole system for virus with a negative response.
2. I then started in safe mode , and program launches with no error
3. I then uninstalled and cleaned out my anti virus (which is Taggant compliant) but still get the error.
4. I have stopped all the services and tasks running that I can and still get the error.

My next move is to start restoring to previous images to see when the problem was introduced.
I have not made changes myself to the pc between it working and not working other than a windows update KB3124200

The plot thickens.

drayton_k · « **Reply #16 on:** December 19, 2015, 07:15:41 pm »

I too am getting this error.

I dont even have FSX installed and I get an FSX error, I only use P3d V3. I have just about had enouigh of Flight Simulators now!!!!

Centrefix · « **Reply #17 on:** December 20, 2015, 02:36:13 pm »

I can double click on the .exe and get the error even when FSX is not running.

Maybe we'll never know the answer.

iaincmac · « **Reply #18 on:** December 21, 2015, 10:36:12 am »

After almost 8 hours of searching/restarts/rebuilds the culprit for me has been found for me.
Trusteer Endpoint Protection which is part of Rapport http://www-03.ibm.com/software/products/en/trusteer-rapport which banks advise to install for online banking.

If I stop their program everything runs just fine and GSX works.

Trusteer had carried out a silent upgrade which was not obvious but showed up searching through programs affected by restore points.
It appears to control access to windows API's to prevent fraud while using banking

In my search on this forum while waiting for restarts I found this from April 2015 http://www.fsdreamteam.com/forum/index.php/topic,8207.msg90313.html#msg90313
My issue appears to me to be similar to the behaviour suffered by the list of 10 or so programs that cause a similar problem detailed in this old thread.
Umberto said this check was being removed in Couatl 3 beta , perhaps this was reinstated or modified?

Looks like I have a good way of testing that my banking is protected now

virtuali · « **Reply #19 on:** December 21, 2015, 11:11:06 am »

Quote from: iaincmac on December 21, 2015, 10:36:12 am

My issue appears to me to be similar to the behaviour suffered by the list of 10 or so programs that cause a similar problem detailed in this old thread. Umberto said this check was being removed in Couatl 3 beta , perhaps this was reinstated or modified?

I can confirm Couatl 3 doesn't check anymore if a 3rd party software is trying to hook on it. We removed this in Couatl 3, when the number of bad-behaving 3rd party products that use these questionable methods started to grow.

There's still a check left in against external executables that try to MODIFY Couatl.exe, which I guess is what you are getting, and this really cannot be accepted and I cannot see any reason why a banking security program would have any reason to try to MODIFY another executable it doesn't have any relationship with!

I'd report it as the developers as a serious bug.

Centrefix · « **Reply #20 on:** December 21, 2015, 11:16:13 am »

I've uninstalled everything so I can't check the issue now. However I also have that banking security software installed

iaincmac · « **Reply #21 on:** December 21, 2015, 02:42:04 pm »

Thanks Umberto for the response.
I have reported it to the IBM Trusteer-Rapport at http://www-03.ibm.com/software/products/en/trusteer-rapport
Given they claim to have over 30 Million users worldwide others will be affected by this I suspect.

jabloomf1230 · « **Reply #22 on:** December 21, 2015, 04:44:18 pm »

My advice is to uninstall Trusteer. It duplicates the services provided by your Antivirus program and just causes general mayhem with its select updates.

iaincmac · « **Reply #23 on:** December 28, 2015, 12:54:10 pm »

In conjunction with the Support team at IBM I have identified the part of the Trusteer package that is causing this.
It can be disabled via their security policy control panel. It is called 'Early Browser protection' whatever that is!
I am waiting for them to get back now with a response on what they suggest now.

virtuali · « **Reply #24 on:** December 28, 2015, 05:13:21 pm »

Maybe you could supply them with the following information:

The executable which was mistakenly blocked, Couatl.exe, is not simply entirely and utterly safe to use, it's ALSO digitally signed with the "TAGGANT" system, which is an IEEE standard that is supposed to be supported by anti-malware companies in order to prevent false-positive detection bugs:

http://standards.ieee.org/develop/indconn/icsg/amss.html

Here's a scan on Virustotal.com, which scans files with many antivirus all at the same time, and it reports ZERO detection with 55 engines tested:

https://www.virustotal.com/en/file/e83befb9ddfafa015ba1dd10e800b6f58bbe9c9950ec55c10e225aedbbc91285/analysis/

iaincmac · « **Reply #25 on:** December 29, 2015, 02:06:28 pm »

No problem, have just sent the info you provided to them

thanks.

iaincmac · « **Reply #26 on:** January 24, 2016, 05:06:43 pm »

IBM have just got back to me and informed me that their 'Early Browser protection' package
has now been 'improved' .

I now no longer get the scripting engine error and GSX loads and functions as normal.

News: