Trojan horse virus found in SWL patch from Steam and during installation using install file from SWL website

Hi,

I have been playing SWL via steam for the past 4 months at least, with no problems. This morning, Feb 17, 2021 I noticed that Steam would not let me play SWL and Windows Defender complained that the PatchClient.exe (not sure if exact file) had a virus.

So I uninstalled the Steam version and downloaded the install client from SWL website. Then during the install process Windows Defender again found a trojan horse and would not let me continue.

Is this being fixed? I don’t want to have to manually remove the trojan horse before installing, as I am afraid of missing some steps and letting the virus contaminate my system.

Got the trojan too, I'm not playing through Steam.

Is it definitely finding something in the installs, or is there a possibility it is elsewhere on your PC?

Did a few checks on my installs and can’t see a problem with the client(s). Patched and ran all of the clients first so I know that they are running on “latest”. Also downloaded most current signatures for my antivirus.

Scan of Standalone client directory with Kaspersky:
image

Scan of Steam client directory with Kaspersky:
image

Scan of Steam client directory on another PC with Defender:
image

Scan of Standalone client directory on yet another PC with Defender:
image

There are a few people noting that they have seen alerts from Defender, it’s being discussed on the official Discord server at the moment. No other antivirus seems to be seeing it, so it’s pretty likely it’s a false positive.

Wouldn’t be the first time that false positives have happened, with this or other games. Understandable to be cautious, though.

I started having this issue last night in connection with a Windows 10 update. I play SWL through Steam and Windows Defender detects a virus upon starting the game in SecretWorldLegendsDX11.exe, but MalwareBytes does not. It does seem like a false positive, but it would be nice to get some confirmation on this and to get it cleared up.

1 Like

Trojan:Win32/Emotet!ibt
That's what it's called.

The exact message I am receiving:

“Microsoft Defender Antivirus found Trojan:Win32/Emotet!ibt in SecretWorldLegendsDX11.exe. Please run a full scan of your device.”

As I noted above, I have performed full scans with both Windows Defender and Malwarebytes, and the latter does not detect the virus.

Like I noted above it’s most likely a false positive from Windows Defender. From what I have been reading, people have noted the same issue on some other Steam Games in the last couple of days, so the common factor seems to be Defender and whatever MS coughed up in their last update.

I’ve scanned now with 3 AV products and found nothing untoward.

problem solved!

1 Like

It seems there’s a solution on Reddit

1 Like

My previous post being marked as solution, I won’t edit it. I just wanted to add:
« The guy using Linux points out the solution to Windows users, oh the irony :smiley: »

1 Like

This seemed to work, until I rebooted my computer. The same problem then cropped up. Only way around it right now appears to be taking the steps outlined above at every startup or adding SecretWorldDX11.exe as an exception to Windows Defender. I really hope Funcom gets this cleared up.

ADDED IN EDIT: Just experienced the virus detection again after performing the signature update above. So it seems my only option is to add SecretWorldLegendsDX11.exe to the Windows Defender exception list. I hope Funcom works urgently with Microsoft to resolve this problem. Already there are negative reviews of the game appearing on Steam claiming the game contains a virus.

I can see that conversation going well:

MS Agent 1: “There’s a guy on the phone that says our AV is destroying their game.”
MS Agent 2: “Is it a game that we make money from?”
MS Agent 1: “Nope.”
MS Agent 2: “Hang up, dude.”

Seriously though, like @krumpf of Linuxheim shares above, Microsoft already know that it’s a false positive. They’ve fixed it in “later” signature files, but the way those signatures get distributed is uneven at best.

The detection “issues” haven’t just affected SWL, either; I’ve seen chatter on a couple of other game forums, so whatever MS changed may be targeting a development framework or tool rather than something game specific…

If Funcom would officially acknowledge they are aware of the problem and working on it, that would go a long way towards satisfying customers experiencing this issue. It’s what reputable companies should do, and that’s not a lot to ask.

We are aware that Windows Defender appears to be flagging Secret World Legends as Malware, and appears to be exclusive to that particular antivirus program. We’ve submitted the game client to Microsoft for review on their end. In the meantime, some folks have reported success with updating their definitions.

2 Likes

I have the same issue.
Reset and updated Windows Defender signatures and reinstalled SWL, still get Windows Defender flagging SWL as a serious Trojan.

Here’s the response we received from Microsoft:

Text version:

clientpatcher.exe

Submission ID: [redacted]

Status: Completed

Submitted by: andyb (it’s my email)

Submitted: Feb 17, 2021 9:47:26 AM

User Opinion: Incorrect detection

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
  3. Run “MpCmdRun.exe -SignatureUpdate”

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions


When in the command prompt (Start Menu → search for "Command" → right-click and "Run as Administrator"), type cd "C:\Program Files\Windows Defender" to be taken to that directory.

7 Likes
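
Microsoft's three steps from the post above as a single script, as an added example that is not part of the original thread and is not Funcom's or Microsoft's code. It checks for elevation, calls MpCmdRun.exe by full path so no cd is needed, and lists any Defender exclusions left over from the workaround; it assumes the install path given in the post and the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpPreference).

```powershell
# Added example: the MpCmdRun steps from the Microsoft response, scripted.
# Assumes the default path named in the post: C:\Program Files\Windows Defender

# The commands only work from an elevated session, so check that first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Open PowerShell with "Run as administrator" and run this again.'
}

# Full path to the tool, so the working directory does not matter.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

$before = (Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Signature version before: $before"

# Step 2 of the response: clear the cached dynamic signatures.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) {
    # Choice made for this example: report the failure, then still try the update.
    Write-Warning ('RemoveDefinitions exit code 0x{0:X8}' -f $LASTEXITCODE)
}

# Step 3 of the response: download the latest definitions.
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) {
    throw ('SignatureUpdate exit code 0x{0:X8}' -f $LASTEXITCODE)
}

$status = Get-MpComputerStatus
Write-Host "Signature version after:  $($status.AntivirusSignatureVersion)"
Write-Host "Last updated:             $($status.AntivirusSignatureLastUpdated)"
if ($status.AntivirusSignatureVersion -eq $before) {
    Write-Warning 'Signature version did not change; the corrected definitions may not have arrived yet.'
}

# Exclusions added as a workaround stay in place after the definitions are fixed.
# List them so they can be reviewed and removed once the game starts cleanly.
$prefs = Get-MpPreference
$exclusions = @($prefs.ExclusionPath) + @($prefs.ExclusionProcess) | Where-Object { $_ }
if ($exclusions) {
    Write-Host 'Defender exclusions currently configured:'
    $exclusions | ForEach-Object { Write-Host "  $_" }
}
```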

Yeah, I get an error when I Run “MpCmdRun.exe -removedefinitions -dynamicsignatures” so I’ve just added the SWL folder as an exception on Windows Defender, works fine now… but hopefully a better solution will come along. The message I get is this:

Starting engine and signature roll back to last known good…Failed! Error 0x800106ba

Anyone else getting this?

Andy! Gamemaster Odoneptera! Hello. Greetings. :slight_smile: Uhm, I have seen something in that fix: I read that a lot of times this WinDef issue on SWL chats. It’s nice it’s claimed the directory shall be changed, but 90-95% of SWL players don’t know how to code like we do. Please add a line like,
cd "C:\Program Files\Windows Defender"
Thank you. :slight_smile:
[11:35] [General] [Krumpfyne]: i bet most people don’t read the “open as admin”

1 Like

I just uninstalled the game and then reinstalled it.
Worked for me.
Had to find and use the uninstaller from the Funcom folder.