Posted

Hello,

 

Been looking into some private servers and local hosting. 

 

I've downloaded several clients and patches from the links provided here and around epvpers and noticed some of the conquer.exe files get flagged as malicious.

 

Running some of them through https://www.virustotal.com/ returns varying results, some with considerably more flags than others. The ones I've been looking at are earlier clients around 4294-5017.

 

I was wondering if anyone had any advice in regards to how to get rid of these and/or what people do about these flags? Any way to remove whatever is causing them to be flagged? I wouldn't think it reasonable to expect users to have to create exceptions for these just to play. 

Posted

They're false positives. It was a problem back in the day for the official servers as well. You can add the flagged files to your allow list. I'm not sure if people looked into why or not.

Posted (edited)
10 hours ago, Spirited said:

They're false positives. It was a problem back in the day for the official servers as well. You can add the flagged files to your allow list. I'm not sure if people looked into why or not.

I think the only ways to make it undetectable are to embed the hook inside Conquer.exe or sign it with a key provided by a signing authority.

Edited by darkfox
Posted
10 hours ago, darkfox said:

I think the only ways to make it undetectable are to embed the hook inside Conquer.exe or sign it with a key provided by a signing authority.

I don't think it's related to any hook. It affected official conquer as well.

  • 2 weeks later...
Posted

Yeah, aware they're false positives, but can't really expect everyone to be messing around with AV software just to download.

 

Some of the clients flag a lot more than others though. I noticed the clients around patch 4312-4330~ or so are difficult to even download. Some of the client files around this time seem to have been encrypted differently, difficult to download or open/edit them with Olly.

 

I guess the solution is to just not use those particular versions.

Posted

For really old client versions, TQ used UPX to pack the executable, which is often flagged by antivirus as an obfuscation method used by viruses. So, you can always unpack the executable. For patches around 5017-5065, some still get flagged even if not packed. At some point, there isn't much that can be done and the best is to recommend to all players to exclude the folder. As many are just using Microsoft Defender, you can normally run a PowerShell command in your installer to auto-exclude the folder.
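To check whether a given client build is one of the UPX-packed ones described above, the PE section table can be read directly. This is an added example, not code from the thread or from any of the clients; the 7.0 entropy threshold, the function names and both sample images are constructed assumptions.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed or packed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Return [(name, raw_size, entropy)] read from the PE section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    count, = struct.unpack_from("<H", image, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)   # SizeOfOptionalHeader
    out = []
    for i in range(count):
        hdr = pe_off + 24 + opt_size + 40 * i                  # 40-byte section header
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        out.append((name, raw_size, entropy(image[raw_ptr:raw_ptr + raw_size])))
    return out

def upx_indicators(image: bytes, threshold: float = 7.0):
    """Sections named UPX*, plus sections whose raw data looks compressed.
    The threshold is an assumed heuristic, not a fixed rule."""
    secs = pe_sections(image)
    return {"upx_sections": [n for n, _, _ in secs if n.startswith("UPX")],
            "high_entropy": [n for n, _, e in secs if e >= threshold]}

def build_sample_pe(sections):
    """Constructed sample: headers and section table only, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    data_off, table, blob = 0x40 + 24 + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII16x", name.encode(), 0x1000, 0, len(data), data_off + len(blob))
        blob += data
    return dos + coff + table + blob

# Constructed inputs: one laid out like a UPX-packed image, one like a plain build.
PACKED = build_sample_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 4), (".rsrc", b"\0" * 512)])
PLAIN = build_sample_pe([(".text", b"\x55\x8b\xec\x5d\xc3" * 100), (".data", b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

Section names are cosmetic and can be renamed, so a build with no `UPX*` names but a high-entropy code section is still worth treating as packed.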

Posted (edited)

Yeah, the false positives that get picked up aren't really an issue, maybe like 2-3 out of the 80 scanners from totalvirus scan.

 

I think I'll just try avoiding any of those packed versions that don't get 40/80 flags to avoid the hassle. I was wanting to go with a clean 2.0 client, from before cps and all the p2w crap started to get added.

Edited by theshadowpriest
