manmau Posted September 9, 2019 Posted September 9, 2019 Quote Your Central log file provides us important information, please attach it to your support requests. You can find it at the following locations, or by pressing Control + Shift + L. Windows: %APPDATA%/Orbx/Central/central.log macOS: ~/Library/Application Support/Orbx/Central/central.log Linux: ~/.config/Orbx/Central/central.log You can delete this box/quote once your log is attached Operating system: Windows 10 1903 Simulator: Prepar3d v4.5 HF Screenshot: Issue: Hi all, I got a virus warning message today (suspicious behaviour) upon starting Orbx Central 4.0.12 from Kaspersky Internet Security for the program Saturn.exe. Object Name: PDM:Trojan.Win32.Bazon.a. Saturn.exe was deleted by Kaspersky I did not get a warning the days before, so it could be a false positive. I can specify an exception in Kaspersky for the orbx central folder, but can someone from the devs confirm, that orbx central is scanned for viruses before releasing (even fastlane). Kind Regards Manfred
Mitchell Williamson Posted September 9, 2019 Posted September 9, 2019 Hi Manfred, This is likely a false positive. Saturn.exe is just the .NET Core application host. It would appear at least three anti-viruses complain about Saturn.exe. We'll see if there is anything we can do on our end to clear this up. https://www.virustotal.com/gui/file/02fade6578ec0fb40e9e0c24adea708a8cae2fbb8b15089caa38e12e7f56d956/detection The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it.
Uteman Posted September 10, 2019 Posted September 10, 2019 On 9/9/2019 at 6:11 PM, Mitchell Williamson said: Hi Manfred, This is likely a false positive. Saturn.exe is just the .NET Core application host. It would appear at least three anti-viruses complain about Saturn.exe. We'll see if there is anything we can do on our end to clear this up. https://www.virustotal.com/gui/file/02fade6578ec0fb40e9e0c24adea708a8cae2fbb8b15089caa38e12e7f56d956/detection The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it. Hi Mitchell thanks for getting onto this- hopefully the virus databases will be updated soon. I started updating to V4 today and reinstalled the first five of my ORBX packages and then decided to do a resynchronise ( because the AU AI was giving some strange aircraft duplication error messages whilst booting up in P3D) then Kaspersky went red and locked the outbound comms from Saturn.exe. with the result that FTX Central decided to halt proceedings. Hopefully the AV databases will be corrected soon as I cant go forwards or backwards. Turning Kasperky off doesn't stop it from being big brother. Cheers Alex PS on further checking I find Kaspersky has quarantined Saturn.exe so it no longer appears in the Saturn-win folder, that must be why ORBX central is not working. most annoying.
Euphonist Posted September 10, 2019 Posted September 10, 2019 Yes and I tried to exclude (btw, I made a notification to Kaspersky) the saturn-win directory and the update directory. The I tried to reinstall the Orbx Central. However, now I got message from Orbx I was unable to to download the application package: So, please Orbx, resolve this issue quickly. Greetings, Wil
paulskpt2 Posted September 10, 2019 Posted September 10, 2019 I also use Kaspersky Total Security. Just a moment ago KTS gave me the same message as reported by @DexyRed , (this one is in Portuguese language!). Seeing earlier discussion about "false positives" in these forums I decided to not let KTS to delete the file and begin to clean the PC. Instead I took the risk of adding only Saturn.exe (and not a whole folder) to the exclusion list within KTS. Then rebooted the PC. After reboot the KTS popup didn't re-appear (so far). Btw. I was not running ORBX-Central, but I had Prepar3D v4.5 running. I´ll continue to follow this thread to see if something more comes out. I would appreciate if ORBX comes with a definite answer to these reports.
Nick Cooper Posted September 10, 2019 Posted September 10, 2019 Hello, the answer in post 2 is definitive.
paulskpt2 Posted September 10, 2019 Posted September 10, 2019 Thank you @Nick Cooper , but I want to reply here to what @Mitchell Williamson wrote in post #2 about the signature, i quote "The executable is also digitally signed by Orbx (you can see this in the file properties) and this ensures the application hasn't been modified since we've built it.", but I see in the details that KTS gives me about the status of the certificate of Saturn.exe: "not trustable" (my translation from: "não confiaveis". See the screenshot. But as I wrote in my first reply. I put Saturn.exe in the exclusions list of KTS.
Nick Cooper Posted September 10, 2019 Posted September 10, 2019 I would think that as a Kaspersky customer, you could yourself report to them that the file is not a virus. "Not trustable" in this case just means that it is missing from their database of trusted files.
Euphonist Posted September 11, 2019 Posted September 11, 2019 That is what I did yesterday. Paul, do the same. That makes it more urgent to Kaspersky, although I know that work hard on such problems. Thanks, Wil
Uteman Posted September 11, 2019 Posted September 11, 2019 Kaspersky have confirmed by email to me it as a false positive and advised it will be fixed soon. My last experience with them a few years ago was that it occurred within 2 data base updates which is within 24 hrs. They are very efficient in my experience.
Uteman Posted September 12, 2019 Posted September 12, 2019 I received this an hour or so ago - might be helpful for anyone who needs to fly their sim now....... ~~~~~~~~~~~~~~~~~~~~~~ Thank you for your patience in waiting for our reply. We have received an update that the detection is a false-positive. The removal of the detection from our database is in process. You may check the issue again after updating the database tomorrow. In the meantime, you may exclude the file from being scanned to avoid a detection. The steps are as follows: 1. Click on “Settings” (gear icon) in the bottom left corner of the Kaspersky main windows. 2. Click on Additional > Threats and Exclusions > “Manage exclusions”. 3. Click on “Add” > “Browse” to select the file/folder to exclude from being scanned. 4. In the Protection components section, check all boxes. 5. Click on “Add” to add exclusion. Please feel free to contact us should you have further queries. Thank you for contacting Kaspersky Lab Technical Support and have a good day! Regards, Ray Kaspersky Lab Technical Support If the issue remains unresolved or you need more information, please reply to this email or or call our Technical Support no: Australia: 1300 762 833, New Zealand: 0800 451 468, Monday to Friday 8am to 6:00pm, Saturday 9am to 4:30pm Local Melbourne Time. If you have no further questions and the issue is in fact resolved, then you can simply ignore this message and we will close this request for you within 5 days. ~~~~~~~~~~~~~~~~~~~~~~~~~ Cheers
Euphonist Posted September 12, 2019 Posted September 12, 2019 Just a few minutes ago I did install an update of Kaspersky. After that I reinstalled (I already removed Orbx Central before and installed FTX Central again) Orbx Central. At the Orbx site 4.0.12 version is now available. No problems anymore. Have a nice flight (again) Wil
Uteman Posted September 13, 2019 Posted September 13, 2019 17 hours ago, Euphonist said: Just a few minutes ago I did install an update of Kaspersky. After that I reinstalled (I already removed Orbx Central before and installed FTX Central again) Orbx Central. At the Orbx site 4.0.12 version is now available. No problems anymore. Have a nice flight (again) Wil I can confirm all good now at my end after the Kaspersky update. I think it is safe to close this topic now. Back to my low and slow flights. Cheers
Recommended Posts
Archived
This topic is now archived and is closed to further replies.