Upcoming Games

(UTC times)


Full list
Add a game

Upcoming Events

No events to display

Loader v5.24 falsely detected as Malware

You are here: Home > Forum > General > General questions, comments, and issues > Loader V5 > Loader v5.24 falsely detected as Malware

Page 1 of 1

Loader v5.24 detected as Malware 01/01/2023 at 18:35 #149890
9pN1SEAp
Avatar
1102 posts
Hi,

This affects almost no users but I thought it might be worth a report anyway.

The SimSigLoader downloaded by the UpdaterTool is currently being blocked on laptops running Check Point Harmony Endpoint with the Threat Emulation (sandboxing) capability enabled. The initial version from the installer isn't affected, nor were any versions prior to v5.24. I've got round it with an exclusion based on its SHA-1 hash (!)

I've attached the report detailing why it thinks it's bad.
Thanks
Jamie

Post has attachments. Log in to view them.
Jamie S (JAMS)
Last edited: 01/01/2023 at 18:38 by 9pN1SEAp
Reason: HTML zipped to disable "Internet Zone" flagging

Log in to reply
Loader v5.24 detected as Malware 01/01/2023 at 19:14 #149896
GeoffM
Avatar
6280 posts
I had a quick look through that log and am somewhat surprised at what they call "threats". For example, reading the computer name? Or loading "http://www.bing.com/favicon.ico"? Or uses cryptography?

There are also some claims which, as far as the SimSig code itself is concerned, are flat out false, like setting files to hidden, and "tries to read supported languages", and "hides the extension of specific file types". I will concede that perhaps some of the DLLs or packages used may contain such calls, though that in itself doesn't mean they're actually called by anything.

I notice that in the Check Point forum the developers ask for false positives like this sort of thing, not to mention a large number of threads on other forums with reports of false positives.

SimSig Boss
Last edited: 01/01/2023 at 22:05 by GeoffM
Reason: None given

Log in to reply