Trojan horse virus found in SWL patch from Steam and during installation using install file from SWL website

Paranoid thought here - could your AV software be infected?

Pretty unlikely - if it were, it would be getting you to replace Word or something popular I think.

yeah, no :D I don't think that would've happened without my notice since I bought a completely new machine and installed everything fresh and licensed, and I specifically keep an eye out for such things with the new machine… daily full timed scans etc… If I check on my old machine (a laptop from 2016) which I still have, it's infested because that was like a machine which I didn't care about and installed everything without caring about the alerts… and that is where I started playing SWL as well.

Right now it's not failing at the game exe. It's failing when updating the patcher (I was installing from scratch). Did you send in your patcher executable as well?

Pretty sure I did, but you can safely whitelist it at this point. Which specific .exe is it flagging? I can try that one again.

Secret World Legends\PatcherSetup.exe.tmp for Trojan:Win32/Emotet!ibt.

Are you also sending in a "live version" (patched from running the actual install and patch process) or a locally built version? (I.e. the version you are expecting to "send out".)

If the latter, a compromise of the patch servers (as has been happening to others lately like SolarWinds or Nox) is not out of the question. That is why I don't feel 100% fine whitelisting.

(Also losing Lifetimer login bonuses until this is resolved :frowning: )

The versions I've sent are the plain clients, I don't have some special version of the game at home. Is this the Steam version or our version?

This is your version. Fresh install, when the patcher tries to update itself the first time.

I just received new Defender stuffs and tried it again with the same result. Please note it's not PatcherSetup.exe at the point it gets quarantined, it's PatcherSetup.exe.tmp.

Also, to reply to "I don't have some special version of the game at home", what I meant was that if the programmer handed you the version to pass on to Microsoft directly, it could be maliciously changed once it's gone through the patch process, and not that you got the version from installing the game normally. Since you wrote "at home" I'm assuming you're sending on the version that you get from normally installing and patching the game and not the exe itself that is put into your patch infrastructure, which is the ideal way to do it.

Guy using Linux reading this thread


I can't seem to reproduce the issue with the specific temp file cited; are you able to DM me and send me the file in question if possible? Either in a Dropbox or Google Drive link or anything like that is fine.

edit: got a copy


This is the base Funcom client (not Steam) from last week:

Now, the .tmp file appears to be different from the actual .exe, it looks like WD is flagging the temp file before the .exe is actually created as something and quarantining it (if you're updating from an older version, for example).

Also just to be sure, I rescanned the file just now on the Microsoft submission page:

So if I can get a copy of the temp file maybe that will help?

edit: got a copy


I got a copy of the .tmp file and submitted it. Hopefully we get a response soon!

edit:

:man_shrugging: Initial scan shows nothing. Maybe an analyst will find something more. VirusTotal also shows the file is completely clean.


Should be good, hopefully!


Patching the patcher now worked, thank you. Hopefully the rest of the install will now go smoothly! :slight_smile:

Edit: Install worked without further issues.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.