F-Secure Update blocks "The Book of Legend"

Hallo,

 

this morning I bought and installed The Book of Legend via Steam. When I first started the game F-Secure AntiVirus 2014 or to be more specific its DeppGuard module informed me that the application is "not safe", but I set it to "allow" and played the game for about 2 hours.

 

This evening I started the game again and steam reported "error code 51". The game was only able to run when F-Secure was disabled completely or the EXE of the game was on the exception list. I checked F-Secure's download log and found that there was an update for F-Secure Aquarius today ca. 4 hours after I finished my first session with the game... It is quite obvious that this update is responsible for this behaviour.

 

Does anyone else have this problem?

I do not like to put an EXE file on the exception list. Especially Steam games have FULL read/write access on their folders and thus are quite "dangerous" or open for infection... This should be fixed quickly, shouldn't it.

Best Answer

  • UkkoUkko Posts: 2,964
    Accepted Answer

    Hello,

     

    Maybe current situation can be related with DeepGuard storage - try to clean that (remove game from list/storage - if that application have there); If application safe and information already updated for DeepGuard - you will try to launch game without any new alerts by DeepGuard. And already Steam/Game can not to think that "something wrong" - just because DeepGuard already not "checking" application with "care" (allow-status not dropped DeepGuard "active" care);

     

    Anyway:

     

      - Did you try to "Turn On" Game Mode (if it available in your version of F-Secure AV)?

      - Also you can try to check settings about DeepGuard (here can be available option about "compatibility mode");

     

    It's maybe better, than just turn off F-Secure AV totally.

    And maybe.... you can already also can to try ask F-Secure SAS (?) or another kind of feedback (for support?) about current situation with troubles between "DeepGuard and F-Secure / current game" - maybe it's possible to edit something like "white list" or close to that.

Comments

  • NikKNikK Posts: 931

    To determine if F-Secure detects it wrongly(called a false positive) you can upload the EXE file to https://www.virustotal.com/

    It's a multi-engine scanner that uses 50 different antivirus products. If other engines detect something to, then F-Secure was right in blocking it. If not, you can submit it to F-Secure Labs for analysis: https://analysis.f-secure.com/portal/login.html  so they can check the file and remove the detection.

  • StHubiStHubi Posts: 17

    Thanks for the hint! I uploaded it to VT. 4 of 51 scanners reported a virus. But one of them reported "Heuristic.LooksLike.Win32.SuspiciousPE.C!81" and one of them appended "Gen" to the virus name which should also indicate just a "heuristic guess". F-Secure is also in the list and was fine with the file... As the game is sold on Steam I do not believe in a virus.

    As I wrote above the game was running this morning before the last Aquarius update. That is quite strange, I think. Will they do something about this when I send them the file?

  • NikKNikK Posts: 931

    If the F-Secure Labs analysis determines it's a false positive they will update the definitions so you can run the game again.

  • StHubiStHubi Posts: 17

    The game did run this morning, so the "Allow" for DeepGuard was fine. The false positive should not be an issue anymore... There seems to be something else wrong.

  • IvanDIvanD Posts: 31

    Hi StHubi,

     

    As Nikk had previously suggested, the fastest and safest way to address this issue would be to submit the sample through our portal:

    https://analysis.f-secure.com/portal/login.html  

     

    Please sign up on the left panel, and you will be able to follow the status of that submission. Kindly include as many details as possible in the description, as it will speed up the resolution of the case.

     

  • StHubiStHubi Posts: 17

    Thanks for the recommendation. I will try that...

  • StHubiStHubi Posts: 17

    I got response from the analysis website. The file is clean and after an update of the defintion files it is now no longer suspected to be infected. BUT the game still reports "error 51" unless I turn off F-Secure or put the folder on the exception list Smiley Sad

  • StHubiStHubi Posts: 17

    I also contacted support, but I did not get any answer yet. Perhaps that was done when the analysis people answered me?

     

    - Game Mode does not change anything.

    - Compatibility mode of DeepGuard allowed me to run the game!

     

    Thanks a lot! Changing to compatiblity and returning to normal mode when I am finished playing is fine with me :)

  • UkkoUkko Posts: 2,964

    If you mean - that you received one answer during result about "safe or not" - maybe it's was last answer indeed.

    But you can to re-ask or create some kind of another ticket not just about "detection for files/file, which related with game"; Ticket about "DeepGuard and current game" have a troubles - which maybe possibly to fix by F-Secure team (but I not sure... for which place it's need to create a ticket/letter); Maybe for that "fix" can to use any whitelisting - but not sure...

    ----

     

    About "Game Mode" more related with prevent any "network connection" by applications and some another points (like system resources more for game-processes);

     

    And compatibility mode good that work. But anyway - you can try to check situation about settings in main UI - Tools part - where must be "DeepGuard storage" (if there have any files related with game - maybe trouble in that fact; And if clean that storage about files, related with game, maybe it's able to fix... already without compatibility mode);

     

    :) But maybe.... can be enough.... that already all work and create a good emotions for you.

     

     

This discussion has been closed.