xforce/anno1800-mod-loader

Windows Defender definition update leads to mod loader being quarantined

Closed this issue · 1 comments

Just giving you a heads up that on Windows 11, the mod loader download ZIP and the changed python35.dll might get quarantined by Windows Defender because of a definition update. Windows Defender now seems to think that the file matches Trojan:Script/Oneeva.A!ml.

I believe this is a false positive since VirusTotal detects nothing: https://www.virustotal.com/gui/file/bf797a4448b596cd191f998339bf7b9b34f510b9ce7fdf401d56461d976855a4

Interestingly, this project is not the only one affected: https://www.reddit.com/r/computers/comments/np89mx/trojanscriptoneevaaml/

Unsure what to do about this from a developer perspective. Maybe just a documentation thing for users.

Observed behavior:

  • Game starting. Getting message "version not compatible with game" - but there has been no game update!
  • Redownload mod loader. Chrome blocked it.
  • Open WIndows Defender, also blocked the file
  • Whitelist file and download again
  • Game now starting again with mods working

Not much I can do about it unfortunately. I do keep re-submitting it for false positives every time I get a report. That's unfortunately all I can do