Jump to content

Virus Warning "Saturn.exe"


manmau

Recommended Posts

 

Quote

Your Central log file provides us important information, please attach it to your support requests. You can find it at the following locations, or by pressing Control + Shift + L.

  • Windows: %APPDATA%/Orbx/Central/central.log
  • macOS: ~/Library/Application Support/Orbx/Central/central.log
  • Linux: ~/.config/Orbx/Central/central.log


You can delete this box/quote once your log is attached

 

 

 

Operating system:  Windows 10 1903

Simulator:  Prepar3d v4.5 HF

Screenshot:  

Issue:  

 

Hi all,

 

I got a virus warning message today (suspicious behaviour) upon starting Orbx Central 4.0.12 from Kaspersky Internet Security for the program Saturn.exe.

Object Name: PDM:Trojan.Win32.Bazon.a.

Saturn.exe was deleted by Kaspersky

 

I did not get a warning the days before, so it could be a false positive.

 

I can specify an exception in Kaspersky for the orbx central folder, but can someone from the devs confirm, that orbx central is scanned for viruses before releasing (even fastlane).

 

Kind Regards

Manfred

 

Link to comment
Share on other sites

Hi Manfred,

 

This is likely a false positive. Saturn.exe is just the .NET Core application host.

 

It would appear at least three anti-viruses complain about Saturn.exe. We'll see if there is anything we can do on our end to clear this up.

https://www.virustotal.com/gui/file/02fade6578ec0fb40e9e0c24adea708a8cae2fbb8b15089caa38e12e7f56d956/detection

 

The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it.

 

image.png

 

 

Link to comment
Share on other sites

On 9/9/2019 at 6:11 PM, Mitchell Williamson said:

Hi Manfred,

 

This is likely a false positive. Saturn.exe is just the .NET Core application host.

 

It would appear at least three anti-viruses complain about Saturn.exe. We'll see if there is anything we can do on our end to clear this up.

https://www.virustotal.com/gui/file/02fade6578ec0fb40e9e0c24adea708a8cae2fbb8b15089caa38e12e7f56d956/detection

 

The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it.

 

 

Hi Mitchell thanks for getting onto this- hopefully the virus databases will be updated soon. I started updating to V4 today and reinstalled the first five of my ORBX packages and then decided to do a resynchronise ( because the AU AI was giving some strange aircraft duplication error messages whilst booting up in P3D) then Kaspersky went red and locked the outbound comms from Saturn.exe. with the result that FTX Central decided to halt proceedings.

Hopefully the AV databases will be corrected soon as I cant go forwards or backwards. Turning Kasperky off doesn't stop it from being big brother.

Cheers

Alex

PS on further checking I find Kaspersky has quarantined Saturn.exe so it no longer appears in the Saturn-win folder, that must be why ORBX central is not working. most annoying.

Link to comment
Share on other sites

Yes and I tried to exclude (btw, I made a notification to Kaspersky) the saturn-win directory and the update directory.

The I tried to reinstall the Orbx Central.

However, now I got message from Orbx I was unable to to download the application package:

 

Uitzonderingen.JPG.7c49783a5cbffd5dd6925a2f066ebb9c.JPG

 

So, please Orbx, resolve this issue quickly.

 

Greetings,

Wil

Link to comment
Share on other sites

I also use Kaspersky Total Security. Just a moment ago KTS gave me the same message as reported by @DexyRed , (this one is in Portuguese language!).

Seeing earlier discussion about "false positives" in these forums I decided to not let KTS to delete the file and begin to clean the PC. Instead I took the risk of adding only Saturn.exe (and not a whole folder) to the exclusion list within KTS. Then rebooted the PC. After reboot the KTS popup didn't re-appear (so far).

Btw. I was not running ORBX-Central, but I had Prepar3D v4.5 running.

I´ll continue to follow this thread to see if something more comes out.

I would appreciate if ORBX comes with a definite answer to these reports.

IMG_6037.JPG

Link to comment
Share on other sites

Thank you @Nick Cooper , but I want to reply here to what @Mitchell Williamson wrote in post #2 about the signature, i quote "The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it.", but I see in the details that KTS gives me about the status of the certificate of Saturn.exe: "not trustable" (my translation from: "não confiaveis". See the screenshot. But as I wrote in my first reply. I put Saturn.exe in the exclusions list of KTS. 

Schermopname (948).png

Link to comment
Share on other sites

Kaspersky have confirmed by email to me it as a false positive and advised it will be fixed soon. My last experience with them a few years ago was that it occurred within 2 data base updates which is within 24 hrs. They are very efficient in my experience.

Link to comment
Share on other sites

I received this an hour or so ago - might be helpful for anyone who needs to fly their sim now.......

~~~~~~~~~~~~~~~~~~~~~~

Thank you for your patience in waiting for our reply.
We have received an update that the detection is a false-positive. The removal of the detection from our database is in process. You may check the issue again after updating the database tomorrow. In the meantime, you may exclude the file from being scanned to avoid a detection. The steps are as follows:
1. Click on “Settings” (gear icon) in the bottom left corner of the Kaspersky main windows.
2. Click on Additional > Threats and Exclusions > “Manage exclusions”.
3. Click on “Add” > “Browse” to select the file/folder to exclude from being scanned.
4. In the Protection components section, check all boxes.
5. Click on “Add” to add exclusion.
Please feel free to contact us should you have further queries. Thank you for contacting Kaspersky Lab Technical Support and have a good day!
Regards,
Ray
Kaspersky Lab Technical Support

If the issue remains unresolved or you need more information, please reply to this email or or call our Technical Support no: Australia: 1300 762 833, New Zealand: 0800 451 468, Monday to Friday 8am to 6:00pm, Saturday 9am to 4:30pm Local Melbourne Time.
If you have no further questions and the issue is in fact resolved, then you can simply ignore this message and we will close this request for you within 5 days.

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Cheers

Link to comment
Share on other sites

Just a few minutes ago I did install an update of Kaspersky.

After that I reinstalled (I already removed Orbx Central before and installed FTX Central again) Orbx Central.

At the Orbx site 4.0.12 version is now available.

No problems anymore.

 

Have a nice flight (again)

Wil

Link to comment
Share on other sites

17 hours ago, Euphonist said:

Just a few minutes ago I did install an update of Kaspersky.

After that I reinstalled (I already removed Orbx Central before and installed FTX Central again) Orbx Central.

At the Orbx site 4.0.12 version is now available.

No problems anymore.

 

Have a nice flight (again)

Wil

I can confirm all good now at my end after the Kaspersky update.

I think it is safe to close this topic now.

Back to my low and slow flights.

Cheers

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...