Virus Detection on Latest Update

[Æ 10]

During the latest update on Steam (as of: 11/08/2014) my antivirus software detected a "W32/Mental" by the name of "BEService_x64.exe".

For reference my antivirus software is by McAfee not that free rubbish that most people use.

Is there going to be a fix for this issue or will I be left with a game I can no-longer play?

I do not wish to hear that the file is not harmful, please don't reply saying so.

[GieNkoV 30]

Got same issue here with AVG 2014 IS. After fixing (deleting) the problem is gone.

[Æ 10]

Got same issue here with AVG 2014 IS. After fixing (deleting) the problem is gone.

The file is detected and deleted during the download process in Steam and cancels the installation.

To which I'm required to re-download the update and the issue repeats itself.

[Greenfist 1863]

Some antivirus softwares allow you to add a file to exceptions. So you could disable antivir, download and then add it. But if I've understood correctly you can't do that in McAfee. (I could be very wrong, I've never used it.)

According to virustotal, McAfee is the only antivir that thinks it's a virus. But I'm sure they'll clear it soon too.

[Æ 10]

Some antivirus softwares allow you to add a file to exceptions. So you could disable antivir, download and then add it. But if I've understood correctly you can't do that in McAfee. (I could be very wrong, I've never used it.)

According to virustotal, McAfee is the only antivir that thinks it's a virus. But I'm sure they'll clear it soon too.

I don't plan to ever have this file on my machine.

Adding exceptions to your antivirus allows potential malicious actions to be made from that file or most commonly something pretending to be that file.

[Greenfist 1863]

I don't plan to ever have this file on my machine.

Then you can just disable McAfee while you download and let it delete the file afterwards.

[opusfmspol 282]

If it's heuristics making the detection, it isn't always an actual virus; heuristics looks at behaviors to trigger a detection and BattlEye acts like a little spy (which hackers hate), which sets off the heuristics detection. In the case of a heuristics detection, the course of action is to run a full scan on the detected file, and if it comes up clean.... well, you decide. But if you're not going to allow the file on your machine to begin with, then you can't run the full scan because you have to remove it from quarantine to run the full scan on it.

And McAfee is known for detecting the BattlEye as a trojan. Been doing it for well over a month now. The RTS quarantines it on download, install and first launch, and the scheduled scans keep quarantining it periodically. It'll keep doing that until McAfee classifies it as a "potentially unwanted program" (PUP). I've had to pull it from quarantine countless times now. The full scans come up clean... and I say yea; but that's just me.

[Æ 10]

Then you can just disable McAfee while you download and let it delete the file afterwards.

I have taken measures to download, install then remove the detection but the game will not run multiplayer games (which is all I use it for).

If it's heuristics making the detection, it isn't always an actual virus; heuristics looks at behaviors to trigger a detection and BattlEye acts like a little spy (which hackers hate), which sets off the heuristics detection. In the case of a heuristics detection, the course of action is to run a full scan on the detected file, and if it comes up clean.... well, you decide. But if you're not going to allow the file on your machine to begin with, then you can't run the full scan because you have to remove it from quarantine to run the full scan on it.

And McAfee is known for detecting the BattlEye as a trojan. Been doing it for well over a month now. The RTS quarantines it on download, install and first launch, and the scheduled scans keep quarantining it periodically. It'll keep doing that until McAfee classifies it as a "potentially unwanted program" (PUP). I've had to pull it from quarantine countless times now. The full scans come up clean... and I say yea; but that's just me.

I'm aware of how an antivirus works, perhaps more than you, the file is not detected as a trojan it is detected as a W32/Mental.

The files behaviour is what flags it as such and like I've said previously it allows potential malicious actions to be made.

The file (as it currently is) should not come up 'clean' under any decent antivirus system.

For reference, I've worked in the IT industry for many years and it is my professional opinion that anyone with this particular file on their machine is vulnerable to malicious actions.

[opusfmspol 282]

I stand corrected and humbled. :)

You might get in touch with BE support and see what they say.

http://www.battleye.com/support.html

My detections keep coming up with RDN/generic.dx!dd, a different name than W32/Mental which is odd since I also use McAfee. The one I get is a low risk and the full scan comes clean.

EDIT:

but the game will not run multiplayer games (which is all I use it for).

I put MP filter on "BattlEye Required: No" and only got 12 servers total. That's pretty limiting.

Edited August 12, 2014 by OpusFmSPol

[Greenfist 1863]

Yeah, you should contact BE. They will probably get McAfee to fix their definition, or change BE itself.

This has happened a few times in the past with different companies, but they have usually quite quickly updated their scanners/BE.

But why do you say that "anyone with this particular file on their machine is vulnerable to malicious actions"? The nature of anti-cheat programs is that they will need a wider access to your system which will always looks suspicious to AV. There's just no way around that. Battleye isn't the first anti-cheat to trigger a false positive.

Well, you could only play with servers without BE though.

[Æ 10]

After a few hours of troubleshooting I've found a temporary solution.

I was able to modify the game files and run the game without BattlEye and play on servers with BattlEye enabled (I was able to play on a BE enabled server for approx 2 hours uninterrupted).

I won't be giving away detailed information for obvious reasons.

[Greenfist 1863]

If you really managed to play completely without BE running, please please report your method to Battleye. In case it's something that could be prevented by BE or Arma in the future.

By the way, circumventing the BE might result in a global ban. I would strongly recommend against it.

[opusfmspol 282]

Hackers shall always cast hatred upon BE.

[Æ 10]

If you really managed to play completely without BE running, please please report your method to Battleye. In case it's something that could be prevented by BE or Arma in the future.

By the way, circumventing the BE might result in a global ban. I would strongly recommend against it.

I have confidence that my method will go (and has gone so far) undetected as far as being worried about global bans.

I did a quick search around with google and my particular method is nowhere to be found.

I will also not be reporting it as it is currently the only way for me to play the game.

For you worries, the few people (if anyone at all) that would also use a similar or even the same method as I have I can say with confidence would not be interested in such things as cheating in a video game.

I had the honour to briefly work with security testers (Blue Hats/ Hired Hackers), hence my knowledge of this subject.