10 days ago - AndyB - Direct link

We are aware that Windows Defender appears to be flagging Secret World Legends as Malware, and appears to be exclusive to that particular antivirus program. We’ve submitted the game client to Microsoft for review on their end. In the meantime, some folks have reported success with updating their definitions.

10 days ago - AndyB - Direct link

Here’s the response we received from Microsoft:

image image1012×550 26.7 KB

Text version:


Submission ID: [redacted]

Status: Completed

Submitted by: andyb (it’s my email)

Submitted: Feb 17, 2021 9:47:26 AM

User Opinion: Incorrect detection

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
  3. Run “MpCmdRun.exe -SignatureUpdate”

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

When in the command prompt (Start Menu ->search for “Command” → Right click and “Run as Administrator”) type cd “C:\Program Files\Windows Defender” to be taken to that directory

image image977×513 12.5 KB

9 days ago - AndyB - Direct link

I’ll follow up with Microsoft on Monday. What .exe, specifically, are folks using that’s still getting an error? I see one using the dx11 client.

9 days ago - AndyB - Direct link

Microsoft got back to us about the DX11 client and said they’ve cleared it as of this writing. They recommend updating your definitions and trying again.

8 days ago - AndyB - Direct link

Are you using Steam? The Steam version specifically appears to still be giving folks trouble, while the standalone version should be clear. We’ve submitted the Steam DX11.exe and are awaiting a response.

8 days ago - AndyB - Direct link

Yeah, I’m so sorry yall. We’re still waiting on a response from Microsoft after submitting the Steam clients for review. You should be able to allow SWL as an exception to Defender. If defender has quarantined the files, you can recover them by following this guide:

8 days ago - AndyB - Direct link

image1065×46 3.82 KB

We received a response from Microsoft and they said they’ve cleared the Steam DX11 .exe with version 1.331.1487.0. Fingers crossed this works for folks; please let me know if the issue persists.

7 days ago - AndyB - Direct link

Ack, okay, thanks. Is that the plain .exe and not the dx11 one? When we submitted the plain steam .exe to Microsoft, they said it didn’t even trip detection. We’ll try again if that’s the case.

5 days ago - AndyB - Direct link

At this point the best course of action is to add an exception for the game to Windows Defender. We’ve already sent just about every single possible client to Microsoft and had them confirm they’re all clear.

3 days ago - AndyB - Direct link

Pretty sure I did, but you can safely whitelist it at this point. Which specific .exe is it flagging? I can try that one again.

2 days ago - AndyB - Direct link

The versions I’ve sent are the plain clients, I don’t have some special version of the game at home. Is this the Steam version or our version?

2 days ago - AndyB - Direct link

I can’t seem to reproduce the issue with the specific temp file cited; are you able to DM me and send me the file in question if possible? Either in a dropbox or google drive link or anything like that is fine.

edit: got a copy

2 days ago - AndyB - Direct link

This is the base Funcom client (not Steam) from last week:

image890×551 26.9 KB

Now, the .tmp file appears to be different from the actual .exe, it looks like WD is flagging the temp file before the .exe is actually created as something and quarantining it (if you’re updating from an older version, for example).

Also just to be sure, I rescanned the file just now on the Microsoft submission page:

image1070×49 3.45 KB

So if I can get a copy of the temp file maybe that will help?

edit: got a copy

2 days ago - AndyB - Direct link

I got a copy of the .tmp file and submitted it. Hopefully we get a response soon!


image1068×42 3.49 KB

:man_shrugging: Initial scan shows nothing. Maybe an analyst will find something more. Virustotal also shows the file is completely clean.

2 days ago - AndyB - Direct link