FSDreamTeam forum

General Category => General Discussion => Topic started by: HiFlyer on August 29, 2009, 11:58:00 am

Title: Virus?
Post by: HiFlyer on August 29, 2009, 11:58:00 am
 :'(

As the happy purchaser of 4 new sceneries I have been quite happy with your products. McAfee Antivirus however, is apparently not a big fan, and when I started FSX this morning McAfee proudly announced the successful blocking and deletion of a Virus: Namely, Coatl.Exe at which point I found, sure enough, that all of my Fsdreamteam sceneries are now invisible.

Uhmmmm..... Help?  :'(
Title: Re: Virus?
Post by: virtuali on August 29, 2009, 12:12:39 pm
There's nothing we can do on our side: if an antivirus wrongly decides that the same program that always worked up to the day before has now become a virus, the program is obviously wrong and needs to be fixed.

That's why almost all antivirus software has options to exclude a certain file from scanning. The issue is, I think that McAfee, in the personal edition of the product, has stopped including this crucial feature. I don't know if they fixed it, because it's a wrong design decision. I'm not sure of this, but I've heard of the same problem on Flight1's forum, that McAfee detected their software as a virus, but doesn't offer the chance for the user to exclude the file from scanning and fix false positive reports.

If your version can do this, you should be ok by adding the FSX\fsdreamteam\Couatl\Couatl.exe file to the excluded files list, otherwise I don't see any other option than switching to a different antivirus, like the free AVG for example, that has this option even in the free version.

Note that ALL our programs, including Couatl.exe, are digitally signed by us. This means you can check the program integrity by right-clicking on it, selecting "Properties" and checking the Digital Signature. If this one is reported as valid, you can be sure the executable hasn't been altered in any way. If it caught a virus (for example, one that was already in your system and attached to it), the digital signature would not be valid anymore so, you have a means to ensure the file is clean, even without using the antivirus.
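Added example (not part of the original post and not FSDreamTeam's code): the Properties > Digital Signatures check described in the post above, scripted in PowerShell so it can be repeated after every install or antivirus update. `$FsxRoot`, `$ExpectedPublisher` and the function name `Test-PublisherSignature` are assumptions made for this example.

```powershell
# Added example, not FSDreamTeam's code. $FsxRoot and $ExpectedPublisher are
# assumptions: point them at your FSX folder and at the signer name shown on
# the file's Digital Signatures tab.
param(
    [string]$FsxRoot           = 'C:\FSX',
    [string]$ExpectedPublisher = '<publisher name>'
)

function Test-PublisherSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Nothing to verify, e.g. the antivirus already quarantined the file.
        return [pscustomobject]@{ Path = $Path; Verdict = 'Missing'; Signer = $null; Sha256 = $null }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    $verdict = switch ($sig.Status) {
        'Valid' {
            # Trusted chain and the file hash matches the signed hash.
            $isExpected = $signer.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if ($isExpected) { 'ValidExpectedSigner' } else { 'ValidUnexpectedSigner' }
        }
        'HashMismatch' { 'ModifiedAfterSigning' }   # bytes changed since signing
        'NotSigned'    { 'Unsigned' }
        default        { "NotTrusted:$($sig.Status)" }
    }

    [pscustomobject]@{
        Path    = $Path
        Verdict = $verdict
        Signer  = $signer
        # Hash to quote when reporting a suspected false positive to the AV vendor.
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Path taken from the post above, relative to the FSX folder.
Test-PublisherSignature -Path (Join-Path $FsxRoot 'fsdreamteam\Couatl\Couatl.exe') `
                        -ExpectedPublisher $ExpectedPublisher
```

`ModifiedAfterSigning` means the bytes changed after the publisher signed the file; `ValidExpectedSigner` means the file is byte-for-byte what was signed, which is a statement about changes since signing and not about what the file contained when it was signed.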
Title: Re: Virus?
Post by: HiFlyer on August 29, 2009, 05:32:52 pm
 :(

Well, I guess I will try Uninstalling and reinstalling first, and see what happens.....
Title: Re: Virus?
Post by: virtuali on August 29, 2009, 05:40:24 pm
Quote
Well, I guess I will try Uninstalling and reinstalling first, and see what happens...

I don't think it will change much. The most important thing is to be able to exclude the Couatl.exe file from scanning, which is usually the easiest thing to do, if your antivirus allows it. Or, you need to keep the antivirus entirely disabled when running FSX and when installing the sceneries, if you are reinstalling.
Title: Re: Virus?
Post by: HiFlyer on August 29, 2009, 06:26:47 pm
Well I scared myself for a second! Couldn't find the receipt and serial numbers in my mailbox till I finally did a search under the name Virtuali!  ;D

I will fiddle with my Antivirus after the install.
Title: Re: Virus?
Post by: Bruce Hamilton on August 29, 2009, 08:14:43 pm
All you need to do is download and run any installer to replace coatl.exe, why uninstall?   ;)
Title: Re: Virus?
Post by: HiFlyer on August 29, 2009, 08:31:39 pm
 :( :( :(

Now I can't even install anything. Mcafee identifies Fsdreamteam\couatl\couatl.exe as Virus Artemis!4F84091d8556 and removes it immediately.  :'(
Title: Re: Virus?
Post by: skimmer on August 29, 2009, 08:53:22 pm
I had problems with McAfee, same as you and then some. Try turning all of McAfee off including the Utilities, if you have it, then download and install. Do not run it when using sim. Eventually I told McAfee about problem and got my money back and uninstalled all of it. McAfee also interfered with graphics when sim was running. I then got the free firewall and antivirus program from AVG and haven't had any problems like those or the ones you have since.
Title: Re: Virus?
Post by: HiFlyer on August 29, 2009, 09:18:51 pm
Well now here is the weird part. Despite the Mcafee block and remove, the Airport I installed (JFK) seems to be running fine except that the Airport ground textures look awful.
Title: Re: Virus?
Post by: JFKpilot on August 29, 2009, 09:38:34 pm
Quote
Well now here is the weird part. Despite the Mcafee block and remove, the Airport I installed (JFK) seems to be running fine except that the Airport ground textures look awful.

The blurred ground is actually not so weird in the fsx version of JFK, and has nothing to do with the antivirus. It's the infamous "blurries". You probably have your settings too high or lack anisotropic filtering. The topic was discussed to death here: http://www.fsdreamteam.com/forum/index.php?topic=1260.0 A comparison of how the ground should look and how it shouldn't...
If you are saying the top pic is awful then that's another story, but it still has nothing to do with the antivirus.
Title: Re: Virus?
Post by: HiFlyer on August 29, 2009, 11:12:00 pm
Thank you JFKpilot. With that hint, for the settings, I have things sorted. Next I will attempt to install the other 3 sceneries and see what happens.

Still not sure exactly what McAfee thinks it's doing, and why the scenery seems to work fine despite the exe supposedly being deleted/blocked...........  ???

Things that make you go hmmmmmm.....
Title: Re: Virus?
Post by: HiFlyer on August 30, 2009, 02:49:41 am
Ok I have re-installed all my Fsdreamteam sceneries and at each installation McAfee says it has successfully cleaned/deleted the Exe.

Yet each scenery now seems to be up and working correctly.........

Totally confusing.
Title: Re: Virus?
Post by: skimmer on August 30, 2009, 05:03:42 am
As JFK said, antivirus has nothing to do with how blurries are, that's all in game and or graphic card settings. I had the trees and other ground textures stretching into the sky and other things. After I and a comp shop sorted out problems it all came down to McAfee. I totally removed it and the problems all disappeared.
Title: Re: Virus?
Post by: donja on August 30, 2009, 03:50:43 pm
I uninstalled McAfee too and it solved my problems ...in fact, I think I'm getting a few extra FPS now.  I don't know if it had anything to do with how McAfee operates as much as probably deleting it just freed up some system resources.
Title: Re: Virus?
Post by: HiFlyer on August 31, 2009, 12:25:40 am
Well, everything seems to be working fine now. I am not sure what the heck was going on! The sceneries all reinstalled (apparently sans the exe if you believe McAfee) and no problems so far. I didn't even need to reinput the serials, which is cool.

I will keep an eye on it to see if anything else funky happens.
Title: Re: Virus?
Post by: dsktopflyr on September 04, 2009, 05:42:11 pm
I also have McAfee and am dealing with this problem which I understand is not a FSDreamteam problem. I have sent the file couatl.exe to McAfee (virus_research@avertlabs.com) for them to analyze and hopefully add to their DAT file definitions so that it will be avoided in future scans. I have had luck in the past using this service to correct some files from Flight1 software that were being detected and have them added to the DAT definitions.

Below is the latest email correspondence from McAfee I received today with my reply. We will see where this goes next... Maybe I can get a contact for Virtuali.

If I understand correctly this file will not be added to a future DAT version to avoid being detected as a virus. Again this file is part of an add on scenery package for Microsoft Flight Simulator X by FSDreamteam.com which is a reputable company and the file is also digitally signed. If this is so, what are my options to get this corrected (added to a new DAT version) aside from disabling Virus Scan every time?

Thanks,

Gideon

-----Original Message-----
From: virus_research@avertlabs.com [mailto:virus_research@avertlabs.com]
Sent: Thursday, September 03, 2009 10:30 PM
Subject: Escalation: 5492852


Avert™ Sample Analysis

McAfee Avert™ Labs, Automation

Thank you for submitting your suspicious file(s). We have determined that the following submissions are handled by our AV signature DAT files.

        Analysis Id: 5492852
        --------------------
         
        File Name                    Findings            Detection               Type               
        =========                    ========            =========               ====               
        couatl.exe                   detected            w32/induc               virus   

DAT version 5730 provides cover against all of the submissions shown above.
Title: Re: Virus?
Post by: KPryor on September 04, 2009, 06:04:26 pm
I submitted it to Sunbelt Software, which makes Vipre antivirus and they still insist it's not a false positive since other AV companies are also identifying it as a trojan.  I'll just have to deactivate my AV every time I install an FSDT scenery and exclude the folders the files are in from AV scans, which is no big deal.
KP
Title: Re: Virus?
Post by: virtuali on September 04, 2009, 07:59:53 pm
Quote
I submitted it to Sunbelt Software, which makes Vipre antivirus and they still insist it's not a false positive since other AV companies are also identifying it as a trojan.

Well, this is the most laughable answer you could ever get from an antivirus company. Basically, they are telling you that they don't have the means to check if a program is *really* dangerous or not but, it must be, because other A/V products are detecting it as well...

Which is also funny because, considering that many antivirus are just using the McAfee engine they license, whenever McAfee gets into a false positive problem, many 3rd party antivirus will act just the same so, would this prove their point about "other AV companies are identifying it as a trojan" ???
Title: Re: Virus?
Post by: KPryor on September 05, 2009, 06:32:48 pm
I agree, it's ridiculous that none of the AV companies seem interested in fixing this problem.  The good thing about Vipre is it's easy to exclude the FSDT folders from scans so I don't have to worry about it quarantining the file; I just have to disable Vipre temporarily doing scenery installs so it doesn't kill couatl during the install.
KP
Title: Re: Virus?
Post by: HiFlyer on September 07, 2009, 10:40:42 am
The problem is that users of FSdreamteam products who also have anti virus, are being intermittently inconvenienced by these episodes (My products have stopped working again) and a quick scan of the forums shows the problem as being fairly widespread over time.

Isn't there any way for Couatl to do whatever it's doing in such a fashion as to not cause so many false positives? Surely there are other products that are "protecting" themselves in ways that do not cause these issues?

There are a few more airports I want to buy, but I find myself feeling hesitant because of this.
Title: Re: Virus?
Post by: virtuali on September 07, 2009, 11:57:11 am
Quote
The problem is that users of FSdreamteam products who also have anti virus, are being intermittently inconvenienced by these episodes

The issue is, you are seeing it backward: the problematic software is not FSDT, it's the antivirus that, after a certain update, has decided that a software (the SAME software) that was ok up to last week, has now suddenly become a virus, without this being changed at all.

So, it's clearly the antivirus's fault. The job of an antivirus should be protecting from a virus WITHOUT interfering with the software, and the onus of trying to be reliable at this is on the antivirus developers.


Quote
Isn't there any way for Couatl to do whatever its doing in such a fashion as to not cause so many false positives?

Think about it: if it was possible to conceal from the antivirus from our side, real viruses could do it just the same. This is what real viruses usually do as well, which is what the antivirus tries to prevent.

The more real viruses become smarter at avoiding being detected (in a sense, you are suggesting we should become smarter at that too...), the more the antivirus has to use wild guesses of what could be a threat, and the more false positives you'll get.

That's why it's important being able to manually exclude files from scanning, since the whole process is *inherently* unreliable.

Quote
Surely there are other products that are "protecting" themselves in ways that do not cause these issues?

No, see this post at Flight1 forum:

http://www.simforums.com/forums/forum_posts.asp?TID=24061

They have exactly the same problem with their wrapper, and the solution proposed is exactly the same as ours: manually exclude the affected files from scanning or, if the antivirus doesn't allow it (like McAfee Home edition), switch to a different product.
Title: Re: Virus?
Post by: dsktopflyr on September 07, 2009, 09:03:13 pm
I have appealed to McAfee's reply to this file being identified as a virus. The type of virus couatl.exe is being associated with, w32/induc!a, has something to do with files programmed with Delphi (http://vil.nai.com/vil/content/v_204731.htm). Again, I believe this to be a McAfee problem and before I consider getting rid of McAfee I am using all channels available to get the problem resolved.
Title: Re: Virus?
Post by: virtuali on September 08, 2009, 11:21:18 am
You can try to update to the latest version (just run any scenery installer again), we have done some changes, that will hopefully improve compatibility with McAfee now.
Title: Re: Virus?
Post by: dsktopflyr on September 08, 2009, 12:33:41 pm
Thanks Umberto, I will give it a try. Just a heads up: my appeal to McAfee appears to be working its way through the process. They returned my email this morning at 2:36AM EST. The file couatl.exe is now identified as inconclusive. Hopefully they will come to their senses and update the DAT file now in the next few days.

Avert(tm) Sample Analysis
Issue Number: 5492852
Virus Research Analyst: Neha Chattopadhyay
Identified: Inconclusive

McAfee Avert(tm) Labs, Bangalore, India

Thank you for submitting your suspicious file.

Synopsis

http://vil.nai.com/vil/content/v_204731.htm

We currently have, in our latest engine and DAT files, detection for over 120,000 viruses and trojans.  Though we are now making a concerted effort to get a description of every virus in the wild in our Virus Information Library, we have not yet reached that point.  We appreciate your patience and your request for this information.
Title: Re: Virus?
Post by: HiFlyer on September 09, 2009, 02:03:29 am
Quote
You can try to update to the latest version (just run any scenery installer again), we have done some changes, that will hopefully improve compatibility with McAfee now.

(Heaves Huge sigh of relief)

Thank you! This was driving me crazy. I hope it works for a good long while!
Title: Re: Virus?
Post by: gdavej on October 23, 2009, 10:23:17 pm
I've been pushing McAfee to resolve this issue, and now they're saying that the file couatl.exe is definitely infected. All I want from them is a way to force McAfee to not scan this file, but instead they keep throwing back results of their virus scan on the file. They've now told me that their Director of Malware Research will be contacting FSDreamteam to discuss this "infected" file. Hopefully, this will finally get this matter resolved. I've attached some of the correspondence between me and them...

Title: Re: Virus?
Post by: virtuali on October 24, 2009, 04:58:32 pm
I've edited your message, because I don't think it's appropriate to post an email exchange on a public forum. I've got your email though.

However, reading McAfee's reply really makes me wonder if the guy that wrote it REALLY knows *anything* about security, which is quite shocking, considering it's supposed to be their main business.

Stating "even Microsoft has determined this file to be infected", and posting results from virustotal.com (which we routinely use, btw), as if they were proving anything, seems a way to say "we don't know what this threat does but, if others say it's a virus, it might be true". Really comforting explanation.

Posting results of other virus scanners is entirely useless because the whole POINT of letting the user choose which files to exclude from scanning, is because false positives DO happen! There's no such thing as a perfect scanning engine, that will be able to protect you from every threat and will not interfere with legit programs at the same time, that's why almost every other A/V product out there HAS that option.

Even McAfee itself has it, but only in the Enterprise version of their products, which is quite logical: try to sell that BS to someone that has maybe thousands of users cut out from work, because their engine suddenly decides to flag a legit program as a virus. This fact alone should be ample proof that McAfee itself acknowledges the importance of this option: they just decided it's not something that users of the cheaper versions are entitled to have.

This should give anyone still using McAfee more than enough reasons to switch to another product.