EFU Launcher being flagged as suspicious

Started by Vlaid, May 22, 2015, 07:39:06 PM

Vlaid

Apparently several people (including myself) are seeing the EFULauncher.exe being flagged as suspicious/virus by their anti-virus. My Avast is treating it as a virus. I used it without issue as recently as last night but I guess some people have been having issues with it for a few days.

For reference I am using Avast.
[url=https://www.efupw.com/forums/index.php?topic=706473.msg747918#msg747918]The Entirely True Legends of Velan Volandis[/url]

Knight Of Pentacles

Same, though when I re-downloaded it, it didn't trigger Avast - though when I try to use 7zip it tells me I cannot open it as an archive.

Vlaid

I ran it through https://www.virustotal.com/ and nothing flagged it, though I had to upload it as an archive file (not the individual file being flagged as suspicious).

Nothing detected it as suspicious, which is strange considering the Avast I have installed is detecting it as suspicious and Avast is one of the AV programs scanning it on https://www.virustotal.com/.

Kinslayer988

Perhaps run as administrator?
<SkillFocuspwn> no property developers among men only brothers

Kinslayer988

That is strange to hear. Perhaps turning off the firewall for the specific program would work. I remember having to do that back when I was working with WoW and some Steam mods.

Vlaid

Considering the program in question I am not going to allow it until I know for certain it is a false positive.

I can just play EFU without the launcher until then.

Talir

This is the new launcher by Snoteye, correct? It is likely a false positive but you can indeed go without it.

Vlaid

Yes, the launcher in question is the one listed in this thread:

http://www.efupw.com/forums/showthread.php?81588-EFU-Launcher-amp-Optional-HAKs-and-Downloads

I was using the same launcher I've been using for a long time, just suddenly being flagged and was subsequently removed from my system by Avast.

I also did re-download it from the above thread to test and the EFULauncher.exe is flagging but the other two files with it are not.

Paha

Note that antivirus programs always register anything that accesses or uses the registry or any other manner of function. I believe ours might use a small search in order to install and search for the right directory, nothing more. If you have suspicions, the launcher is totally open source and all visible on GitHub, as Snot has shown.

If you use what is given there, it is completely safe.

Snoteye

I only just saw this.

It is true that the launcher (occasionally) accesses the registry. It does this to locate the installation path of NWN, which is needed to actually launch the NWN executable post-update. The launcher doesn't change anything (in the registry; it downloads files, obviously) but that's not really important. Paha is most likely correct that this is what's causing the flagging. The launcher can optionally run from the same directory as the NWN executable, in which case it will skip the registry access, but I have no idea if that's enough to avoid the flagging -- probably not, because detecting that pattern in the executable is quite simple.

So: provided that you are acquiring the launcher from the GitHub page I guarantee that nothing questionable is going on.