Store Page
Unrailed!
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews
KrzAramis Aug 21, 2020 @ 7:50am
UnrailedGame.exe reported as Malware by Sophos
To Whom It May Concern:

On a regular basis, the game fails to start.

In the Sophos home dashboard, I now have 3 instances of the following message:

ML/PE-A
C:\Program Files (x86)\Steam\steamapps\common\Unrailed\UnrailedGame.exe

In order to play the game, I need to, ask Sophos to restore the executable (I take it that it either deleted, or renamed it) and perform the "validate game content" in Steam.

I would have thought that after 3 times telling the Anti-Virus engine that it is okay, that it would adapt, but alas. Regardless, I do think the Game Developer should take this up with Sophos along with a code audit just to make sure nothing untoward is happening.

Thank you for reading.
< >
Showing 1-15 of 17 comments
mwoody450 Aug 31, 2020 @ 5:25pm 
ESET marks it as suspicious as well. Concerning.
#1
Richard Aug 31, 2020 @ 6:55pm 
Also using ESET, can't even allow it since it deletes it immediately without quarantine.
#2
GeNolWeNol Aug 31, 2020 @ 11:20pm 
Yup, another ESET user here with the same issue.

Originally posted by Richard:
Also using ESET, can't even allow it since it deletes it immediately without quarantine.
You can add manually via Setup -> Computer protection -> gear icon on the right -> Edit exclusions, but yea, it's quite a hassle.
#3
tholugo 朗涛  [developer] Sep 1, 2020 @ 7:09am 
It seems like some AV start to reject our obfuscation again.
In the past I wrote all major AV companies but it takes some time until they react and they marked it then as false positive.
For the SophosML case, we can't do much. It was not even possible to ask them to check the file thoroughly.
You can for the time being mark it locally as false positive or contact your AV provider (if you don't trust us). I'll to this myself soon but we probably try a different obfuscation method first.
Last edited by tholugo 朗涛; Sep 1, 2020 @ 7:24am
#4
Yes-Man Sep 1, 2020 @ 7:47am 
Yup, same problem here. ESET is immediately deleting the file.

Edit: https://www.virustotal.com/gui/file/91c74ccd968cec5542d8097a88b7171feebcbd07b8a66005dacc78a396f03c99/detection
Last edited by Yes-Man; Sep 1, 2020 @ 7:50am
#5
tholugo 朗涛  [developer] Sep 1, 2020 @ 7:52am 
Nice, ESET seems to have fixed it. I reported it to Microsoft now. Their online defender also seems to detect it which is super super annoying. I think last time it took several weeks until they checked it and updated their database :/.
Last edited by tholugo 朗涛; Sep 1, 2020 @ 1:14pm
#6
tholugo 朗涛  [developer] Sep 1, 2020 @ 1:13pm 
Okay Microsoft answered pretty fast:
"We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft."
#7
KrzAramis Sep 2, 2020 @ 12:27pm 
Hi, thanks to all for their interest in this thread.

It is happening again today. I suppose the file has been changed/updated.

I have marked once again as a false positive.

As soon as possible I will raise a case with Sophos, or I may very well change AV provider!

Thanks a lot.
#8
Chavi Sep 8, 2020 @ 10:58am 
Same here. I have contacted Eset about it, but it seems to not have helped.
#9
tholugo 朗涛  [developer] Sep 8, 2020 @ 4:38pm 
@Chavi. It should be whitelisted by ESET-NOD32 already. Can you check whether ESET-NOD32 is up to date on your PC?
#10
memepeddlerguy12 Sep 9, 2020 @ 10:20am 
It still hits as Suspicious by ESET
#11
Fabibassi Sep 13, 2020 @ 7:00am 
<?xml version="1.0" encoding="UTF-8"?>

-<ESET>


-<LOG>


-<RECORD>

<COLUMN NAME="Zeit">13.09.2020 15:46:53</COLUMN>

<COLUMN NAME="Scanner">Echtzeit-Dateischutz</COLUMN>

<COLUMN NAME="Objekttyp">Datei</COLUMN>

<COLUMN NAME="Objekt">G:\Steam\steamapps\downloading\1016920\UnrailedGame.exe</COLUMN>

<COLUMN NAME="Erkennung">Suspicious Object</COLUMN>

<COLUMN NAME="Aktion">Gesäubert durch Löschen</COLUMN>

<COLUMN NAME="Benutzer">XXXXXXXXXXXXXX</COLUMN>

<COLUMN NAME="Information">Ereignis beim Bearbeiten einer Datei durch die Anwendung: F:\Program Files (x86)\Steam\steam.exe (A28E81FC6998C3F28BE6E4F5229F16DF16C2EE85).</COLUMN>

<COLUMN NAME="Hash">254120098F64C662F23E5DB53806801666BC3D80</COLUMN>

<COLUMN NAME="Zuerst hier gesehen">13.09.2020 13:43:46</COLUMN>

</RECORD>

</LOG>

</ESET>
#12
Richard Sep 13, 2020 @ 7:35am 
I just uninstalled it. It's not worth the fight with my AV for a game I only played a couple of times.
#13
Pandoron Sep 16, 2020 @ 2:49am 
It's still blocked by ESET
#14
Biscuit Sep 18, 2020 @ 8:06am 
13.2.18.0 ESET is fine now, thanks
https://i.imgur.com/KkjtcuW.png
#15
< >
Showing 1-15 of 17 comments
Per page: 1530 50

Unrailed! > Help & Technical Support > Topic Details
Date Posted: Aug 21, 2020 @ 7:50am
Posts: 17

Discussions Rules and Guidelines