Kaspersky
Solved

False-positive? Flight Simulator 2020 - PDM:Exploit.Win32.Generic.nblk

  • 3 September 2020

Hi,

 

Yesterday Flight Simulator 2020 (I got the Steam version) got updated. After starting the game, KIS (2020 and 2021, newest database) found PDM:Exploit.Win32.Generic in “flightsimulator.exe”. The activity monitor flagged it as “suspicious behavior” and deleted the exe. There's also a list of reg-entries (HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\...) in the monitor. So maybe the way Flight Simulator corresponds with its servers made KIS think it's a trojan.

 

I could start/play the game before the update without any issues.


Best answer by TaKeN 9 September 2020, 09:32

Update to this issue? I wanna keep a clean record in my Kaspersky logs and not just try/backup again :)

Yes, I sent all the logs to Kaspersky and they found a problem; ofc that was a false positive.

They repaired this problem in the new version of the database.

 

Best Regards

 

Mod: FIXED.


I just had the exact same issue and indeed it prevents the game from being launched; it needs fixing ASAP.


@CronoK  @Suicinivrovich   Welcome.
Please contact K-Lab Technical Support https://center.kaspersky.com
Also please submit the EXE object here : https://opentip.kaspersky.com/

@CronoK  @Suicinivrovich   Welcome.
Please contact K-Lab Technical Support https://center.kaspersky.com
Also please submit the EXE object here : https://opentip.kaspersky.com/

Hello @Berny,
The FlightSimulator.exe is 328 MB. 
The limit to upload to analyze is 256 MB.

What should we do?


@DarkErl Please provide in your ticket to Tech Support the FlightSimulator download link or upload the EXE file to a cloud server.

Same here.

Neither VirusTotal nor Kaspersky itself finds anything suspicious in FlightSimulator.exe, but KAV is breaking the MSF2020 run and removing FlightSimulator.exe.


@re3lex Only if you trust the application, please try this:

  • Disable the Kaspersky interactive protection
  • Download and install the software
  • Make MSF2020 trusted
  • !!! Enable the interactive protection !!!
  • Reboot

Thank you @Berny  for the suggestion.

But who can be sure that the MSF executable doesn’t contain that worm? So I would like to get this issue fixed in the Kaspersky product, or to be informed that KAV is a hero and prevented an infection.

I think it's very unlikely it's infected. This issue seems to be limited to Kaspersky only. The file itself is not detected by Kaspersky or any other AV. It might just be an overkill heuristic analysis.

@CronoK and @re3lex which version of Flight Sim do you have?

I have 1.7.12.0 without problem...

I'm @ work but it should be 1.7.14.0 according to Twitter.

There are more posts in the Steam community with the exact same alert while having Kaspersky installed.

@CronoK and @re3lex which version of Flight Sim do you have?

I have 1.7.12.0 without problem...


The version of FlightSimulator.exe is 1.7.14.0. I got it via Steam update process about 3 hrs ago.

KAV version is 20.0.14.1085 (I)


Hello,

Is “flightsimulator.exe” trusted by KSN? I think this version update caused this problem. As a result of this update, the original file in the trusted zone has been changed, and it is no longer in the trusted file zone, so behavior detection will list it as a suspicious object and detect it.

If you have provided “flightsimulator.exe” to KL via the support platform, they can fix it ASAP.

Regards.

Hello,

Is “flightsimulator.exe” trusted by KSN? I think this version update caused this problem. As a result of this update, the original file in the trusted zone has been changed, and it is no longer in the trusted file zone, so behavior detection will list it as a suspicious object and detect it.

If you have provided “flightsimulator.exe” to KL via the support platform, they can fix it ASAP.

Regards.


I have provided it in scope of my ticket.

Hello,

Why don’t you put it on the White List?

regards

Same problem

It appears today this problem is resolved for me: I removed the MSF executable from the white list and I can still run it with no issues.

Same issue. Can't run Flight Sim 2020. It deletes my FlightSimulator.exe file. I am assuming Kaspersky will release a patch soon to fix this issue?

Hello,

Same problem here.

Database updated 20 minutes ago and my FlightSimulator.exe is deleted all the time.

md5sum FlightSimulator.exe
0d36a08088e9453cebf26af7062b9793  FlightSimulator.exe

sha1sum FlightSimulator.exe
228930a26577b2daae510ef0b8592cebb5f32e58  FlightSimulator.exe

sha256sum FlightSimulator.exe
0dc6fe184b0d52b173c080bbe41ed6ca4604b232989068e1ba6c9575a356ca80  FlightSimulator.exe
 

 

Best Regards

TaKeN


@TaKeN  Welcome. Please see recommendation above.

Hello Berny,

Yep yep, I excluded the directory from Kaspersky, don't worry, I know this… I just want to report that Kaspersky Antivirus with the latest version of the db still deletes files… no one from your company does anything about this.

 

Best Regards

TaKeN


@TaKeN This is a user forum, please contact K-Lab Tech Support.

I was sure someone from Kaspersky reads this.

I just reported via the portal, thanks @Berny

 

Same problem


Hi all, 

We need additional information to resolve this issue: 

  1. System Watcher log - here is the instruction how to get it. 
     
  2. Traces - how to get. (Disable Automatic updates before enabling traces).

Please submit a ticket to technical support via my.kaspersky.com and send me the incident number via PM. 

Regards,

Igor

 


Hi all, 

We need additional information to resolve this issue: 

  1. System Watcher log - here is the instruction how to get it. 
     
  2. Traces - how to get. (Disable Automatic updates before enabling traces).

Please submit a ticket to technical support via my.kaspersky.com and send me the incident number via PM. 

Regards,

Igor

 

I sent it yesterday at noon to the Polish department of Kaspersky.

@Igor Kurzin I sent you, in a private message, a link to the ticket in your system with all the collected data.

 

Best regards

TaKeN
