Jump to content

False-positive? Flight Simulator 2020 - PDM:Exploit.Win32.Generic.nblk


Go to solution Solved by Danila T.,

Recommended Posts

Posted

Hi,

 

yesterday Flight Simulator 2020 (i got Steam Version) got updated. After starting the game KIS (2020 and 2021, newest database) found PDM:Exploit.Win32.Generic in “flightsimulator.exe”. The activity monitor flagged it as “suspicious behavior” and deleted the exe. Theres also a list of reg-entries (HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\...) in the monitor. So maybe the way Flight Simulator corresponds with its servers made KIS think its a trojan.

 

I could start/play the game before the update without any issues.

  • Replies 64
  • Created
  • Last Reply

Top Posters In This Topic

  • Danila T.

    11

  • TaKeN

    7

  • Berny

    6

  • re3lex

    5

Top Posters In This Topic

Suicinivrovich
Posted

I just had the exact same issue and it indeed it prevents the game from being launched, needs fixing ASAP.

Posted

@DarkErl Please provide in your ticket to Tech Support the FLightSimulator download link or opload the EXE-file on a cloud server.

Posted

Same here.

Nor Virustotal nor Kaspersky itself are not finding anything suspicious in FlightSimulator.exe, but KAV is breaking MSF2020 run and removing FlightSimulator.exe.

Posted

Thank you @Berny  for the suggestion.

But who can be sure that MSF executable doesn’t contain that worm?  So I would like to get this issue fixed in Kaspersky product or inform us that KAV is a hero and prevented infection.

Posted

I think its very unlikely its infected. This issue seems to be limited to Kaspersky only. The file itsself is not detected by Kaspersky or any other AV. It might just be an overkill heuristic analysis.

Posted

Im @ work but it should be 1.7.14.0 according to twitter.

 


 

There are more posts in steam community with the exact same alert while having kaspersky installed.

Posted

@CronoK and @re3lex which version of Flight sim you have?

I have 1.7.12.0 withou problem...


The version of FlightSimulator.exe is 1.7.14.0. I got it via Steam update process about 3 hrs ago.

KAV version is 20.0.14.1085 (I)

Posted

Hello,

Does “flightsimulator.exe” is trusted by KSN. I think this version update caused this problem. As a result of this update, the original file in the trusted zone has been changed, and it is not in the trusted file zone, so behavior detection will list it as a suspicious object and be detected.

If you have provided ”flightsimulator.exe” to KL via support platform, They can fix it asap.

Regards.

Posted

Hello,

Does “flightsimulator.exe” is trusted by KSN. I think this version update caused this problem. As a result of this update, the original file in the trusted zone has been changed, and it is not in the trusted file zone, so behavior detection will list it as a suspicious object and be detected.

If you have provided ”flightsimulator.exe” to KL via support platform, They can fix it asap.

Regards.


I have provided it in scope of my ticket.

Werder1955Bremen
Posted

Hello,

why don’t you put it on the White List?

regards

Posted

It appears today this problem is resolved for me: I removed msf executable from white list and I still can run it with no issues

Posted

Same issue. Cant run Flight Sim 2020 It deletes my  FlightSimulator.exe file. I am assuming Kaspersky will release a patch soon to fix this issue?

Posted

Hello,

Same problem here.

Database updated 20 minutes ago and my FlightSimulator.exe is deleted all the time.

md5sum FlightSimulator.exe
0d36a08088e9453cebf26af7062b9793  FlightSimulator.exe


sha1sum FlightSimulator.exe
228930a26577b2daae510ef0b8592cebb5f32e58  FlightSimulator.exe

 

sha256sum FlightSimulator.exe

0dc6fe184b0d52b173c080bbe41ed6ca4604b232989068e1ba6c9575a356ca80  FlightSimulator.exe
 

 

Best Regards

TaKeN

Posted

Hello Berny,

Yep yep i exclude directory from Kaspersky don`t worry i know this… i just want to report Kaspersky Antivirus with newlatest version of db still delete files… noone from Your company do anything with this.

 

Best Regards

TaKeN

Posted

I was sure someone from Kaspersky read this.

I just report via portal thanks @Berny 

 

Posted

Hi all, 

We need additional information to resolve this issue: 

  1. System Watcher log - here is the instruction how to get it. 
     
  2. Traces - how to get. (Disable Automatic updates before enabling traces).

Please submit a ticket to technical support via my.kaspersky.com and send me the incident number via PM. 

Regards,

Igor

 

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now



×
×
  • Create New...