My Antivirus software (bitdefender 2019) is identifying Gen:Variant.Adware.Symmi.87092 when the Sigma XL Launcher attempts to download Sigma. I tried downloading directly and scanned the 7z file rather in case it was detecting something on the host. After downloaded, scanned the file and found the same thing.
What's the deal?
Antivirus detects threat in D2Sigma.7z download
Decided to unzip and scan the contents. Now shows the same threat in D2Sigma.dll.
Also, uploaded to virustotal and 8 of the engines detect it as a threat.
Also, uploaded to virustotal and 8 of the engines detect it as a threat.
If by "D2Sigma.7z download" you mean the content that was downloaded by the official launcher there is nothing to worry about. As long as you get Sigma files from the official source it should be fine. Some antiviruses might detect D2Sigma.dll as a malware because it's using the similar technique to modify the game code. And if you willing to know why it's done that way and not the other (safe) way, unfortunately it's nearly impossible to do so without having the entire d2 source code. Even applying some small fixups to the existing exe/dll requires quite a lot of tedious work and in case of D2Sigma.dll it's not a small fixup by any means.
SwineFlu wrote:If by "D2Sigma.7z download" you mean the content that was downloaded by the official launcher there is nothing to worry about. As long as you get Sigma files from the official source it should be fine. Some antiviruses might detect D2Sigma.dll as a malware because it's using the similar technique to modify the game code. And if you willing to know why it's done that way and not the other (safe) way, unfortunately it's nearly impossible to do so without having the entire d2 source code. Even applying some small fixups to the existing exe/dll requires quite a lot of tedious work and in case of D2Sigma.dll it's not a small fixup by any means.
BitDefender blocks the download via the patcher entirely. I downloaded manually via browser. Where do I need to dump the DLL file so I can add an exception in the right place?
kormonnaut wrote:BitDefender blocks the download via the patcher entirely. I downloaded manually via browser. Where do I need to dump the DLL file so I can add an exception in the right place?
You can temporary disable your protection or add an exception to the Median XL Web Setup.exe manually. And if you still decided to use the archive which you downloaded from web, the dll and other Sigma related files are supposed to reside within the game folder.
I've tried whitelisting the Diablo program directory, the Median Launcher directory, disabling on-access/on-demand scanning, and the various online threat prevention features. I'm done. I'll go back to PoE until this thing doesn't match a known threat signature.
This is what the error log shows, btw:
[2019-01-19 14:00:16 1:00] Error: Command failed: "C:\Users\[Name]\AppData\Local\Programs\Median XL Launcher\resources\app.asar.unpacked\node_modules\7zip-bin\win\x64\7za.exe" x -aoa "F:\Program Files (x86)\Diablo II\1.0.0.dll.update"
ERROR: Can not open output file : Access is denied. : .\D2Sigma.dll
This is what the error log shows, btw:
[2019-01-19 14:00:16 1:00] Error: Command failed: "C:\Users\[Name]\AppData\Local\Programs\Median XL Launcher\resources\app.asar.unpacked\node_modules\7zip-bin\win\x64\7za.exe" x -aoa "F:\Program Files (x86)\Diablo II\1.0.0.dll.update"
ERROR: Can not open output file : Access is denied. : .\D2Sigma.dll
Before leaving us at last you can try to move Diablo2 into a different directory, program files folder might be the cause of your problem. This folder requires some special permissions so it's better stay away from it if you're installing some games or other generic stuff.