This file is not commonly downloaded and could harm your computer


Shibbyland
07-11-18, 05:26 AM
Hi All,

I have downloaded Wolves of Steel in the past and really enjoyed it. I went to download it this time and received a message "This file is not commonly downloaded and could harm your computer".

I've seen one report from 2017 of the mediafire file containing malware. Can anybody clarify this please?

Thanks

XenonSurf
07-11-18, 05:58 AM
It's a False Positive from your antivirus.

Aktungbby
07-11-18, 10:40 AM
Shibbyland!:Kaleun_Salute:

THEBERBSTER
07-11-18, 10:57 AM
A Warm Welcome To The Subsim Community > Shibbyland
Subsim <> Make A Donation <> See The Benefits <> Support The Community (http://www.subsim.com/radioroom/showpost.php?p=2027002&postcount=1)
SH3 – 4 - 5 Tutorials And Other Information Links In My Signature Below

Shibbyland
07-11-18, 08:19 PM
Thanks for that. Mediafire says the file was recently uploaded (July 2018) from Serbia and Montenegro. What does that mean? I thought it was uploaded years ago?

Sailor Steve
07-11-18, 11:17 PM
I understand your concern and your wanting to help, but is there a reason you felt the need to start two threads on this?

Shibbyland
07-11-18, 11:57 PM
Yes, the second thread is unrelated. This thread was to do with a Microsoft message which I'm satisfied is almost certainly a false positive as it only relates to the publisher of the software.

The second thread was published out of concern after a commercial anti virus scanner was used on both the megamod and the update file. It uses an up to date database of known viruses to clean infected files.

It detected a virus within the megamod file but not within the update file. I don't believe this is a false positive as when I originally downloaded the megamod over a year ago, the same scanner did not detect any issues and now it does. Given the file was modified only a few weeks ago this made me a bit suspicious and as much as I'd love to proceed with the mod anyway it just seems too risky until I know more. You guys have made something truly brilliant here, to play SH5 without Wolves of Steel is a waste of time but yea I can't ignore a threat.

Do you guys do any kind of monitoring of your most popular files or anything to keep yourselves secure?

I feel your members/admins should be aware as this can be a threat to the integrity of your community (which I'd like to be a part of).

hauangua
07-12-18, 01:58 AM
> Yes, the second thread is unrelated. This thread was to do with a Microsoft message which I'm satisfied is almost certainly a false positive as it only relates to the publisher of the software.
>
> The second thread was published out of concern after a commercial anti virus scanner was used on both the megamod and the update file. It uses an up to date database of known viruses to clean infected files.
>
> It detected a virus within the megamod file but not within the update file. I don't believe this is a false positive as when I originally downloaded the megamod over a year ago, the same scanner did not detect any issues and now it does. Given the file was modified only a few weeks ago this made me a bit suspicious and as much as I'd love to proceed with the mod anyway it just seems too risky until I know more. You guys have made something truly brilliant here, to play SH5 without Wolves of Steel is a waste of time but yea I can't ignore a threat.
>
> Do you guys do any kind of monitoring of your most popular files or anything to keep yourselves secure?
>
> I feel your members/admins should be aware as this can be a threat to the integrity of your community (which I'd like to be a part of).

As XenonSurf said, it's a false positive.

Shibbyland
07-12-18, 02:27 AM
I know it's probably a pain in the ass to keep asking and I don't mean to be but it's just really hard to understand why I'm detecting a virus now but didn't on a previous version? In combination with a post I saw about their download turning out to be malware I'm trying to get to the bottom of it.

There doesn't seem to be a lot of recent downloads to see how other people have found it.

Have you guys considered campaigning to have your content included in the original game to bring it back to life on the market? I'd buy Cold Waters but I know any other subsim just doesn't come close to Wolves of Steel megamod.

hauangua
07-12-18, 03:09 AM
> I know it's probably a pain in the ass to keep asking and I don't mean to be but it's just really hard to understand why I'm detecting a virus now but didn't on a previous version? In combination with a post I saw about their download turning out to be malware I'm trying to get to the bottom of it.
>
> There doesn't seem to be a lot of recent downloads to see how other people have found it.
>
> Have you guys considered campaigning to have your content included in the original game to bring it back to life on the market? I'd buy Cold Waters but I know any other subsim just doesn't come close to Wolves of Steel megamod.

Name of your antivirus?

Shibbyland
07-12-18, 03:32 AM
I use ESET. It very rarely picks up anything as a threat so when it does I take notice. I've submitted a support request to see if they can analyse the file but that might take some time to hear back.

It's also strange how it detected the threat in the megamod file but not the separate update file. It suggests that it's not a publisher issue that ESET has detected or otherwise it would've identified both as a threat.

vdr1981
07-12-18, 04:33 AM
> Thanks for that. Mediafire says the file was recently uploaded (July 2018) from Serbia and Montenegro. What does that mean? I thought it was uploaded years ago?

Approximately once a month I upload a new update and I also update the main full standalone installer as well. That's why the files are recently modified. For example, right now I'm preparing v2.2.7 update for the end of the month...

> I know it's probably a pain in the ass to keep asking and I don't mean to be but it's just really hard to understand why I'm detecting a virus now but didn't on a previous version?

This is a question for your AV software support/publisher. I've noticed from user reports that Norton IS is also very picky regarding software from unknown publishers.

> There doesn't seem to be a lot of recent downloads to see how other people have found it.

Up to this moment exactly 2484 downloads for the latest full installer and 661 for the update.

> Have you guys considered campaigning to have your content included in the original game to bring it back to life on the market? I'd buy Cold Waters but I know any other subsim just doesn't come close to Wolves of Steel megamod.

Never going to happen. I'm pretty much sure that most of the modders would never allow for their work to be included in any kind of commercial product, especially if we are talking about so much hated Ubisoft...

> I use ESET. It very rarely picks up anything as a threat so when it does I take notice. I've submitted a support request to see if they can analyse the file but that might take some time to hear back.

Good...If you may not have noticed, I actually recommend this in TWoS download section. :yep:

Shibbyland
07-12-18, 04:43 AM
Thank you for your detailed reply, I'll just wait and see what the AV people come back with. I’ve just reinstalled SH5 vanilla and it’s just dull without TWoS.

I don’t think I’ve ever gotten so much enjoyment from a naval game than the work you guys have done with this mod.

Just navigating around is enjoyable and the manual targeting in vanilla leaves more than a little to be desired. Great mod, what a shame you guys aren’t building entire games for the market.

vdr1981
07-12-18, 04:51 AM
> Thank you for your detailed reply, I'll just wait and see what the AV people come back with. I’ve just reinstalled SH5 vanilla and it’s just dull without TWoS.
>
> I don’t think I’ve ever gotten so much enjoyment from a naval game than the work you guys have done with this mod.
>
> Just navigating around is enjoyable and the manual targeting in vanilla leaves more than a little to be desired. Great mod, what a shame you guys aren’t building entire games for the market.

You're quite welcome. BTW, what was the name of problematic file?

Shibbyland
07-12-18, 05:14 AM
It's the weirdest thing, I did the scan and on completion it just said threat found and removed. When I went to find what the specific threat was it had just removed the entire megamod, all 2 and a bit GB of it.

vdr1981
07-12-18, 06:25 AM
> It's the weirdest thing, I did the scan and on completion it just said threat found and removed. When I went to find what the specific threat was it had just removed the entire megamod, all 2 and a bit GB of it.

It seems that Sputterfish's automatic Steam Conversion Tool (SH5updateSteam.exe) is causing problems with some AV programs which wasn't the case before...Not sure how to solve this except to remove the tool completely but that will again move playable SH5 a light year from Steam users...:hmmm:

Shibbyland
07-12-18, 07:54 AM
Any chance of separating Sputterfish's file as a separate download for Steam users? Or is it possible to download the mega mod and then manually remove the file myself and try again with the scan? Might be good to see if that is in fact the issue in this case.

vdr1981
07-12-18, 08:24 AM
> Any chance of separating Sputterfish's file as a separate download for Steam users? Or is it possible to download the mega mod and then manually remove the file myself and try again with the scan? Might be good to see if that is in fact the issue in this case.

You can delete "Resources\TWoS_Setup\SH5updateSteam.exe" file from the archive but then you won't be able to install the mod properly if you use Steam version...

XenonSurf
07-12-18, 09:30 AM
With better antivirus or Internet Security programs, there should be a functionality (menu choice) in which you can send a quarantined file to the company to further test if a file is a virus or not. If it's not a virus (a so-called False Positive), this will be taken into account for the next antivirus update database.
Read in your program instructions how to do that.

With better antivirus or Internet Security programs, you can define Exclusions for the virus scan. This means that a file which you have researched and which is not a virus will - according to your instruction - not be scanned during the live scan or during the scheduled scan of your computer.
Read in your program instructions how you exclude files or folders from the scan, the procedure is different in any antivirus program.


@Veco,
maybe add the above in your TWoS notes!

Shibbyland
07-15-18, 01:21 AM
I just re-downloaded the file to get to the bottom of what was being identified as the "problem" file.

It's as you say, the file for making it Steam compatible is the one which AV is identifying as a threat. (See below)

J:\Downloads\Game modding\The Wolves of Steel 2.2_SH5 Expansion Pack_v2.2.6_Full.exe » WINRARSFX » Resources\TWoS_Setup\SH5updateSteam.exe - a variant of MSIL/Packed.Confuser.N suspicious application - cleaned by deleting [1]

Since the file is part of the entire executable file, I'm not sure how to isolate it and use what's left (I don't use Steam for SH5). It just deletes the entire file.
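The scan-log line quoted in the post above can be split into the file on disk, the archive layers, the member that matched and the detection name. The sketch below is an added example, not part of the thread or of any vendor tool; the field layout is inferred from that single line, and `Finding`, `parse_line` and `triage` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Sample input: the one scan-log line quoted in the post above.
SAMPLE = (
    r"J:\Downloads\Game modding\The Wolves of Steel 2.2_SH5 Expansion Pack_v2.2.6_Full.exe"
    r" » WINRARSFX » Resources\TWoS_Setup\SH5updateSteam.exe"
    r" - a variant of MSIL/Packed.Confuser.N suspicious application"
    r" - cleaned by deleting [1]"
)

# Assumed layout, inferred from that line only (not a vendor specification):
#   <file on disk> » <container> » <member> - <detection> - <action>
DETECTION = re.compile(
    r"^(?:a variant of )?(?P<platform>[^/\s]+)/(?P<name>\S+)(?: (?P<category>.+))?$"
)

@dataclass
class Finding:
    outer_file: str   # file on disk that the scanner opened
    containers: list  # archive layers it unpacked, outermost first
    member: str       # item that matched (same as outer_file if not nested)
    platform: str
    name: str
    category: str
    action: str

def parse_line(line):
    # Split from the right so a " - " inside the path cannot shift the fields.
    location, detection, action = line.rsplit(" - ", 2)
    parts = [p.strip() for p in location.split(" » ")]
    m = DETECTION.match(detection.strip())
    if m is None:
        raise ValueError(f"unrecognised detection field: {detection!r}")
    return Finding(parts[0], parts[1:-1], parts[-1], m["platform"],
                   m["name"], m["category"] or "", action.strip())

def triage(f):
    nested = f.member != f.outer_file
    return {
        # A "Packed." name flags the wrapper around the code (here Confuser),
        # which is what the poster was later told by the vendor's support.
        "packer_based": f.name.startswith("Packed."),
        "nested_in_archive": nested,
        # The member to extract and submit on its own for re-analysis.
        "submit": f.member,
    }

if __name__ == "__main__":
    finding = parse_line(SAMPLE)
    print(finding)
    print(triage(finding))
```
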

hauangua
07-15-18, 01:58 AM
> I just re-downloaded the file to get to the bottom of what was being identified as the "problem" file.
>
> It's as you say, the file for making it Steam compatible is the one which AV is identifying as a threat. (See below)
>
> J:\Downloads\Game modding\The Wolves of Steel 2.2_SH5 Expansion Pack_v2.2.6_Full.exe » WINRARSFX » Resources\TWoS_Setup\SH5updateSteam.exe - a variant of MSIL/Packed.Confuser.N suspicious application - cleaned by deleting [1]
>
> Since the file is part of the entire executable file, I'm not sure how to isolate it and use what's left (I don't use Steam for SH5). It just deletes the entire file.

For Kaspersky AV this file is sure
http://subsim.com/radioroom/showpost.php?p=2561041&postcount=10392

Watch spoiler

vdr1981
07-15-18, 05:57 AM
> I'm not sure how to isolate it and use what's left (I don't use Steam for SH5). It just deletes the entire file.

Do you have Winrar?

Shibbyland
07-15-18, 06:07 AM
No but I can get it. I am able to zip files however when I zipped this one it only went down a couple hundred megs.

vdr1981
07-15-18, 06:32 AM
> No but I can get it. I am able to zip files however when I zipped this one it only went down a couple hundred megs.

Open TWoS installer with Winrar and delete the problematic file. Or even better, extract it first and then delete it. That way you can upload it for further analysis to the Eset "experts". I would really like to hear why our Steam converter tool is so "dangerous"...:doh:

Propnut17
07-15-18, 10:32 AM
I use AVG Internet Security and ensure my virus database is automatically updated, sometimes twice a day and I have had no threat warnings on either the 2.2.x updates or the full main installers.

Shibbyland
07-17-18, 07:19 AM
I went ahead and installed the mod despite both my anti-virus and Windows telling me not to.

I couldn't submit the file for analysis in the end but on calling the company I was advised that the file it was detecting was most likely being picked up due to the manner in which it is packed not being trusted. After turning off the detection of suspicious applications, it passed the remaining scans. It seems ESET recognises the packing of the file as having potential to hold harmful information (but not necessarily actually holding it).

Thanks for making the mod so much easier to install than last time. The scanner actually detected and removed the Steam compatibility file during the installation.

I still don't know why Windows had such an issue with installing the application, it recommended several times that I don't. Is anybody able to comment on why Windows would get upset by it?

In any case, spent hours patrolling up and down the entrance to Danzig. Came across 2000 Tonnes of Polish shipping at the most perfect angle without any need for positioning. Needless to say one torpedo was all it took. Great mod, I purchased Cold Waters and didn't even end up looking at it once I got Wolves of Steel installed.

vdr1981
07-17-18, 07:38 AM
> I still don't know why Windows had such an issue with installing the application, it recommended several times that I don't. Is anybody able to comment on why Windows would get upset by it?

It's a common problem with unofficial installers. Some security programs (depending on your personal settings) will block them just because they "could" hold something unwanted.
You can download the problematic tool here which will be moved to the quarantine as soon as you save it. It would be very nice if you could upload it for detailed analysis through your NOD antivirus so that it can be declared as "safe" in following period...:yep: http://www.mediafire.com/file/ubfoko5q60ea2zr/SH5updateSteam.exe/file

> In any case, spent hours patrolling up and down the entrance to Danzig. Came across 2000 Tonnes of Polish shipping at the most perfect angle without any need for positioning. Needless to say one torpedo was all it took. Great mod, I purchased Cold Waters and didn't even end up looking at it once I got Wolves of Steel installed.

:salute: Happy hunting !

vdr1981
07-18-18, 07:55 AM
I was working really hard these days on submitting false positive reports to various AV vendors and I can inform you that from now on TWoS shouldn't be interrupted in any way by the following programs:

AVG, Avira, Avast, Norton/Symantec, Microsoft Defender. Still waiting for a response from several other vendors ...:yep: