dsetup.dll is setting off malware alert - Page 8

Secrets · #71 12-19-2014, 05:09 AM

Quote:

Originally Posted by Slowfate [You must be logged in to view images. Log in or Register.]

Whoops, sorry that was my blatant psychosis. Forgot where I was.

What?

George_Smith · #72 02-12-2015, 06:15 PM

Instead of suggesting that people not use McAfee, Norton, AVG, etc and wasting a lot of time trying to explain to us why dsetup.dll is safe. Could you guys send an explanation to these Antivirus companies telling them why it is a false positive so they can add it to their trusted list. I looked up the McAfee site to do this (see below). I would do it myself, but I do not actually know what this file does. So my explanation probably will not convince them.

Thanks

https://secure.mcafee.com/apps/mcafe...aspx?region=us

some instructions from the website I found the link on:

If you are the owner of the software being detected see: Detection Dispute Submission | McAfee Labs (If it doesn't hyperlink here, it's the link I copied and pasted just above)

Email file to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example FALSE: In-house file being detected by McAfee

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected (encrypted) using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees. Failure to follow these guidelines will cause your submission to be rejected.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

**If they respond that it is an infection and you are sure it is not, reply to that email immediately ( to virus_research@mcafee.com ) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

To be on the safe side scan with an outside anti-malware agent such as MalwareBytes (Free) or SuperAntispyware (Free). Let them clean everything they find.

NOTE: Due to the large volume of detections on a daily basis (150,000 or more) please allow 4-5 business days for the submission to be analyzed & processed.

legionofstorm · #73 02-22-2015, 09:16 PM

Yes could someone with the project contact them. I have submitted to them twice on the issue. Nothing. I am willing to to donate to get this fixed if need be. driving me crazy. I have to turn of monitoring but everytime i reboot i have to redo the dll.setup thing. ugh.

Mentathiel · #74 02-23-2015, 05:26 AM

Quote:

Originally Posted by George_Smith [You must be logged in to view images. Log in or Register.]

Instead of suggesting that people not use McAfee, Norton, AVG, etc and wasting a lot of time trying to explain to us why dsetup.dll is safe. Could you guys send an explanation to these Antivirus companies telling them why it is a false positive so they can add it to their trusted list.

Because that would be a lie. The issue is not that dsetup.dll is a false positive so much as it just doesn't make use of its monitoring code to do anything malicious. McAfee, Norton, AVG, etc. are right to flag it, but they should respect your decision to trust it anyway.

Aussie · #75 02-23-2015, 05:47 AM

Quote:

Originally Posted by Mentathiel [You must be logged in to view images. Log in or Register.]

The issue is not that dsetup.dll is a false positive so much as it just doesn't make use of its monitoring code to do anything malicious. McAfee, Norton, AVG, etc. are right to flag it, but they should respect your decision to trust it anyway.

The "issue" as far as AV companies flagging it is due to the way the dll is packaged, with Themida. Find pretty much anything packaged with Themida and it will return a false positive.

Mentathiel · #76 02-23-2015, 05:58 AM

Quote:

Originally Posted by Aussie [You must be logged in to view images. Log in or Register.]

The "issue" as far as AV companies flagging it is due to the way the dll is packaged, with Themida. Find pretty much anything packaged with Themida and it will return a false positive.

But that still ignores the fact that no security software should ever overrule its user. It is expected to stop you doing it once, maybe force you to explicitly state that you want to do something it strongly advises against, but it should always sit down and shut up when you tell it that you have made your choice.

The issue is that McAffe is a tool which thinks it knows what is best for you and usurps control of your PC. You know what else makes your computer ignore your intentions and do things you told it not to do? Malware. Well, I suppose Windows Vista too, but nobody actually uses Vista, do they?

**Rogean** · #77 02-23-2015, 06:20 AM

The problem with sending requests to the AV companies about whitelisting it is that they can only whitelist one version of the file. When we update our DLL (Which happens every time we make a change to revert a feature of the client to a classic state, not just anti cheat detections) we would have to do the whole process again.

Casey VII · #78 02-23-2015, 06:35 AM

Why bother using an active anti-virus? It just bogs down your system and creates hassle. Kind of the opposite of its intended purpose, if you really think about it.

Just run regular scans with a free program like malware bytes and call it a freakin day. Hell you could even schedule the scans, just omit real time protection.

quido · #79 02-23-2015, 06:42 AM

I haven't used Anti-Virus since the early 2000s and have never looked back.

**Rogean** · #80 02-23-2015, 07:53 AM

I've never used an anti virus since.. ever. >_>