Kaspersky
Question

False Positive Space Engineers game: UDS:DangerousObject.Multi.Generic

  • 18 November 2020
  • 8 replies
  • 623 views

The Rootscankit labelled SpaceEngineers.exe (the executable to launch the game Space Engineers) as malware. Detecting it as UDS:DangerousObject.Multi.Generic, Kaspersky quarantined the file.

After trying to launch the game via Steam, Steam stated that the very same file is missing and that thus the game cannot be launched.

This prompted me to believe that this is a false positive. I have over 1900 hours in this game over the last 5+ years. If it truly were malware, it should’ve been detected long ago.


8 replies


Hello @Soundcaster

Welcome!

Not necessarily. Software changes all the time; it may be that a recent update has changed SpaceEngineers.exe so that it’s now detected, or it may well be a FP.

  1. Check the detected object using Kaspersky Open Threat portal, select the Submit to reanalyze option, and add your email address and comments to send to Kaspersky experts for further analysis.
  2. Log a case with Kaspersky Technical Support and fill in the template as in our image. If your KAV version is 21.2, select 21.1 (Kaspersky have not updated their templates). Zip the SpaceEngineers.exe file, name the zip archive "malware" or "infected", protect the zip archive with a password, add the zip archive to the request, and add the password to the request. In the problem description provide a detailed history, images and/or video if they help explain the problem, and the URL/link to this Community topic. Support may request logs and/or other system data; they will guide you if necessary.

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number. Then, normally within 5 business days, a Kaspersky Technical Support human will be in touch, also by email. You may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

Please share the outcome with the Community when it’s available.

Thank you 🙏🏽

Flood 🐳+🐋

I’ll try that. The game didn’t have an update today and during yesterday’s scan nothing happened.

Hello @Soundcaster

You’re most welcome!

  • Upload the detection as shown in KAV reports: in KAV, save or export the report as a .txt file and attach it to your reply.

Thank you 🙏🏽

Flood 🐳+🐋

I can’t upload SpaceEngineers.exe to the portal because the antivirus program itself keeps removing the .exe. I literally can’t copy it. I am also stuck in a circle, because I can’t add the game into the exclusion list because the executable is not selectable because of said deletion.

Ignore my previous comment, managed to find a workaround for the time being.

@Flood and Flood's wife, below is the KAV report. Mind you, the language in this picture is Dutch. I received two additional reports with the only change in text being either quarantined or deleted instead of detected (gedetecteerd in Dutch).

[Image: KAV report screenshot]

I managed to follow the instructions you listed above. Now we play the waiting game.


find a workaround for the time being.

Did you succeed in making the objects Trusted in Kaspersky?

Sort of. Managed to add the executable as an exemption. It doesn’t delete it now but the issue technically remains. This is solely a work-around for the time being.

As stated earlier, I reported the incident to Kaspersky and am awaiting their response. Until then this issue should not be marked as solved.
