Deepguard keeps blocking EVE Online launcher
This problem is driving me up the wall. Yesterday I got an update from the EVE Online launcher, the first time after my F-Secure Internet Security got upgraded to 2015.
Deepguard detected a change and blocked the launcher, while it prompted me whether to trust the application. Like I have done so many times before I opted to trust the application. To no avail. The launcher is stuck in offline mode and the debug logs clearly state it cannot connect to the patch server, while if I manually call the URL I get a response.
I've gone into the settings of Deepguard and checked whether it was set to allow the launcher, which it did. Changing settings and changing them back didn't do anything. Removing it from the list didn't prompt a new detection from the client as it was being run (obviously, because it can no longer detect)
I went and reinstalled the entire thing (6 GB+ download) because this had helped in the past, but this time as soon it did exactly the same thing.
I am out of options, save disabling Deepguard completely and reinstalling everything AGAIN. Unless someone has experience with exactly this problem and knows a solution.
Sorry, I'm not a gamer so forgive the possibly ignorant question, but do you have to download the whole thing each time you want to reinstall it, or can you save the installation files on your PC?
If the latter, then have you tried disabling F-Secure (Tools > Turn off all Security Features) before installing EVE? And, I assume you've tried Gaming Mode, but I don't think that would affect the installation itself.
Failing that, I can only suggest that you Submit a Sample of the download (the URL?) to the FS Labs, and hopefully they can whitelist it for you fairly quickly.1 1Like
There's no such thing as a dumb question. Thanks for taking the time to reply.
It differs per game, but basically the EVE Online installer is a small executable, which downloads and installs a snapshot of the game, including the launcher. Unfortunately there's no separate install for just the launcher (why not would be an excellent question for the people at CCP), so once Deepguard touched the executable it is messed up. I don't know the inner workings of Deepguard but putting back a snapshot, disabling Deepguard or anything else doesn't seem to affect the results.
I have currently disabled Deepguard and succesfully reinstalled the entire game (again), this time with succes. I will follow up on your suggestion to submit a sample though. Perhaps this might prevent this specific file to be targeted by Deepguard.
That still leaves the question why after allowing access to launcher.exe to Deepguard it fails to connect anyway.
It's can be (likely) that installer/launcher have check-process about "executable file". And if there was "patching" - it goes be disabled about some of features. Or simply something goes be wrong.
When you allow application (DeepGuard have allow-decision) it's anyway goes be with hook/analysis by DeepGuard. Maybe with "allow"-decision (like any other decisions) there more actions around, than it can be... when situation without questions by DeepGuard (which can be after "whitelist-process").
Anyway... with your situation (not sure... but probably it's missing under description there) maybe can be helpful (!?):
-> Compatibility Mode (?!). Under DeepGuard settings.
-> Trying to create exclusion list about folders/files for game (for manual scanning and for real-time scanning - there different lists). Such as... add to lists... files/folders about game.
Maybe it's can be better, than simply "disabling" DeepGuard.
Also.. there was without description for DeepGuard prompt. If it was "unknown application trying to connect with network" - there can be helpful (before) also:
- Gaming Mode (current prompt should be ignored... during gaming mode);
- Disabled current feature/option under DeepGuard settings (temporary as example);
But it just as workarounds... if there was same prompt by DeepGuard.
And it's can be helpful, because with current situation... it's mean - application should be "known" for F-Secure soon (related with how many users will be with current update or how soon someone transferred sample).
Sorry for reply again.
If you still experience the issue, could you try emptying the ORSP cache?
To do so run in the command prompt"[f-secure installation folder]\orsp client\orspdiag.exe --cache-clear" or if you have 64 bit OS, run: "[f-secure installation folder]\my f-secure\apps\ccf_reputation\orspdiag.exe" --cache-clear.