Virus Reported in Latest GTN 750 Update Feb 18 2021


I just downloaded the latest update and Windows Defender reported a virus:

"Backdoor:Win32/Bladabindi!ml

...

containerfile: C:\Users\nickw\AppData\Local\Temp\Temp1_rxpGTN-XPL.zip\rxpGTN-XPL-Setup.exe
file: C:\Users\nickw\AppData\Local\Temp\Temp1_rxpGTN-XPL.zip\rxpGTN-XPL-Setup.exe->(inno#000005)"

This is the second time a Reality XP update has triggered a virus alert in a couple of weeks. The previous update did as well, but the view on this forum was that it was a false positive, so I allowed it.

But this is a different virus and this time in the setup file. It would be unlucky in the extreme if the same company had two false positives in a row for different viruses - and I haven't allowed this one through. So at the moment I am without my GTN 750 or GTN 650.

Has anyone else found this and will Reality XP respond here and send out a fixed file?

Thanks

 

False positives have been occurring for many years with software related to the F1 wrapper system.

There is nothing to be concerned about.

Edited by RXP

David Porrett

  • Author

@DavidP - thanks for the quick response. But I remain concerned. I have been an IT developer for 40+ years and I struggle to see how a "wrapper system" would be likely to generate multiple DIFFERENT false positives - it must be the unluckiest bit of code in the world. Defender also picks up and reports an issue in the rxpGtnSim32.dll post install - suggesting it is not just the wrapper/installer, although of course the dll will be present in the zip. This does not sound "false" to me. Even if that is the case, as this is payware, then they should be taking action to correct the "false" positives (preferably before general release) and getting clean files to us, their customers. It's not as if Defender is an obscure AV!

However, on a more positive note - I tried a "Reinstall" from the original .exe I received when I bought GTN 750 as opposed to using the update file, mainly in the hope of getting an earlier file and this installed without triggering Defender - so I seem to be running again until the next update.  This process installs an rxpGtnSim32.dll dated 8th Sept 2020 - so I guess I am out of date now.  Unfortunately I didn't note the date of the file triggering the alert and don't wish to install again right now for obvious reasons.

@Reality XP Support - if you are reading this you need to do something about this, whether it is changing the wrapper, the distribution mechanism or the code.

  • Author

Further to my last post - The GTN 750 reports as being up-to-date (v2.5.27) within x-plane so anyone else concerned about the virus report might try "Reinstall" rather than using rxpGTN-XPL.zip

I find it very strange that using the reinstall process results in a rxpGtnSim32.dll that does not produce a "false" positive.

13 minutes ago, NickW61 said:

Further to my last post - The GTN 750 reports as being up-to-date (v2.5.27) within x-plane so anyone else concerned about the virus report might try "Reinstall" rather than using rxpGTN-XPL.zip

I find it very strange that using the reinstall process results in a rxpGtnSim32.dll that does not produce a "false" positive.

In all honesty, this phenomenon has been around for several years and if you had taken only a few minutes to read through topic titles you would find it is greatly documented here. There is absolutely no reason to drag the topic through the mud again. It is what it is, a false positive, and it is not the only false positive in existence. And it comes and goes as new virus signatures are added to the world databases, forcing developers to file for an exception. I do not recall previously seeing this issue described as caused by the eCommerce wrapper system in use.

Frank Patton
Corsair 5000D Airflow Case; MSI B650 Tomahawk MOB; Ryzen 7 7800 X3D CPU; ASUS RTX 4080 Super; 
NZXT 360mm liquid cooler; Corsair Vengeance 64GB DDR5 4800 MHz RAM; RMX850X Gold PSU;; ASUS VG289 4K 27" Display; Honeycomb Alpha & Bravo, Crosswind 3's w/dampener.  
Former USAF meteorologist & ground weather school instructor. AOPA Member #07379126
                       
"I will never put my name on a product that does not have in it the best that is in me." - John Deere

I saw a similar issue with the Zibo updater, and the author Slavbass filed the proper "paper work" with anti-virus companies including Microsoft, and the software no longer triggers a false alarm.

The same steps should be followed for this as well. Please take a look at this report for rxpGTN-XPL-Setup dot exe

https://www.virustotal.com/gui/file/caf763f3348aae5d2d36a3c067966c48eb04879f1950ada8f6875f2fcc8a8b04/detection

Here is how to submit a file for evaluation

https://www.microsoft.com/en-us/wdsi/filesubmission/

BTW: From a security point of view, the problem with false positives is just that. If/when a real one appears, it will be ignored and the user will be impacted.

Edited by Sims Smith

System Spec 1: Nvidia RTX 4090,  AMD Ryzen 9 7950X3D, Res 5120x1440, HP Reverb G2
System Spec 2: AMD Radeon RX 7900XT, Intel I-9 9990K, Res 3840x1080, HP Reverb G2
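
To confirm that a downloaded copy is the same file the VirusTotal report linked above covers, the installer can be hashed inside the zip without extracting or running it. This is an added example, not part of the original post or Reality XP's tooling; the archive built in `build_sample_zip` is constructed placeholder data and the function names are assumptions.

```python
import hashlib
import io
import re
import zipfile
from hmac import compare_digest

# Report URL quoted in the post above; the path component after /file/ is the SHA-256.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "caf763f3348aae5d2d36a3c067966c48eb04879f1950ada8f6875f2fcc8a8b04/detection")


def sha256_from_vt_url(url):
    """Pull the 64-hex-digit SHA-256 out of a VirusTotal file report URL."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    if not m:
        raise ValueError("no SHA-256 found in URL")
    return m.group(1).lower()


def sha256_of_zip_member(zip_source, member_name):
    """Hash one archive member in 1 MiB chunks; nothing is written to disk or executed."""
    digest = hashlib.sha256()
    with zipfile.ZipFile(zip_source) as zf:
        with zf.open(member_name) as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
    return digest.hexdigest()


def matches_report(zip_source, member_name, url=VT_URL):
    """True only if the member is byte-for-byte the file the report was generated for."""
    return compare_digest(sha256_of_zip_member(zip_source, member_name),
                          sha256_from_vt_url(url))


def build_sample_zip():
    """Constructed stand-in for rxpGTN-XPL.zip; the member bytes are NOT the real installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rxpGTN-XPL-Setup.exe", b"constructed placeholder bytes")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # With a real download, pass the path to the zip instead of the constructed sample.
    same = matches_report(build_sample_zip(), "rxpGTN-XPL-Setup.exe")
    print("same file as the report" if same else "different file: the report does not describe this copy")
```

A mismatch means the report describes a different build than the one on disk, which matters here because the thread compares an update package against an older reinstall.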

  • Author

@fppilot - Your assumption that I did not read through topics is clearly erroneous as I said that I had previously accepted the advice on this forum that it was a false positive for a previous update. However, I have some relevant expertise in IT and there is sufficient evidence for me to suggest this needs further investigation/resolution following a second and different alert. You may know and trust Reality XP - I don't know them from Adam. I think their software is great and want to keep using it - but there is a problem that they need to address as a commercial software developer.

As my understanding is this forum is the way to request support (every support link I followed on their site eventually sends me here) - and report issues - that is what I have done. 

I have also pointed out a way to get the (latest?) software installed without triggering AV for those who are worried - hopefully a benefit and reassurance to others. This might also give Reality XP a clue as to why they keep encountering reports of issues and allow them to do something about it - perhaps by modifying their update process slightly?

 

Hi,

First please understand @fppilot is just another customer like you, helping others like you, and having helped a lot of users lately on the forum about this recent rising number of anti-virus false positive reports. When he is saying you might not have read "enough topics" it is because he knows he has written in so many during the last 2 weeks.

Please also note the support forum for your product (GTN XPlane) is here:
https://www.avsim.com/forums/forum/772-rxp-gtn-750650-touch/

One of the latest discussions about this subject is clearly visible there with already 8 pages of discussion:
https://www.avsim.com/forums/topic/595388-gtn-750-bank-screens-anti-virus-false-positive/

Having said this, please don't presume we didn't submit our files either and even if this is not a trial, the same principle of "presumably innocent prior being guilty" shall apply. This is not saying we're not making any mistakes either and recent updates prove sometimes there are errors slipping through and thanks to you, our customers, we can rectify quickly (I'm not speaking about virus here, but installer typos and trainer download link errors).

Nevertheless, there is nothing we can do about anti-virus being aggressive against our files, this is how fuzzy logic and heuristics are working. Like I'm saying lately, try downloading the FS2020 SDK and see what your OS will tell you about it... (not for the same reasons yet potentially as "scary").

4 hours ago, Sims Smith said:

BTW: From a security point of view, the problem with false positives is just that. If/when a real one appears, it will be ignored and the user will be impacted.

This is why I'm documenting which measures we're taking against this so that you know what's involved prior to taking such a decision, and if in doubt, you can always ask in the forum:

https://www.avsim.com/forums/topic/522608-trojan-virus-false-positive/

 

4 hours ago, NickW61 said:

I have some relevant expertise in IT

@NickW61, you may well have IT expertise - however as @RXP has pointed out, many users help here with their relevant expertise in using this fine product.

Instead of berating the help of @fppilot, perhaps you should continue discussions with @RXP by PM on the more technical aspects of this issue.

There are lots of knowledgeable users of this product who go above and beyond the call of duty in helping new users in particular (I'm looking at @Bert Pieke as well as @fppilot) and they should be treated with respect for taking the time to help as they are under no obligation to do so.

David Porrett

  • Author

I would just like to say I did not just post a problem, did not disrespect anyone, acknowledged how good I thought the product was and posted a possible solution (trying to help others).  I don't think I will be back here anytime soon.

@RXP I will PM you as I think either you or I need to understand why reinstall is different from upgrade - if it is.

 

Archived

This topic is now archived and is closed to further replies.
