Jump to content
qwerty123

Path of Exile - Ongoing False Positive

Recommended Posts

Greetings, I reported a false positive for the Path of Exile game several months ago on the website submission form.

It might have been partially addressed, as it's not a constant spam of Warnings like it was before. However, it still occurs most times I leave the game, usually many minutes later after the game has long been closed and hasn't been in Task Manager the whole time, which is a little odd.

If that makes no sense to you at all, the only thing I can think might be related is that I run some autohotkey helper macros to launch/alongside the game, and I time them out on a fixed ~5 minute timer. Perhaps that's when Immunet picks up what it thinks is weird behavior and traces is back to the game's .exe.

Running the latest version of Immunet (7.3.2.11960). Also occurred before updating. There's nothing related in the File History nor Quarantine.

image.png.9e284cc8152d19d38efd74fea25985e3.png

 

Edited by qwerty123

Share this post


Link to post
Share on other sites

Hi qwerty123,

Have you tried to add a custom Exclusion rule for the autohotkey app(s) with Immunet? If not, give that a try and see if that fixes the issue. Just make sure you exclude the correct file path(s) for the app(s).

  • Like 1

Share this post


Link to post
Share on other sites
On 11/7/2020 at 5:58 PM, ritchie58 said:

Hi qwerty123,

Have you tried to add a custom Exclusion rule for the autohotkey app(s) with Immunet? If not, give that a try and see if that fixes the issue. Just make sure you exclude the correct file path(s) for the app(s).

Oh I didn't know about manual exclusions. Excluding pathofexile_x64.exe didn't help. Then I excluded 3x .ahk files and YoloMouse (launched by a macro). Seems to be good now.

Share this post


Link to post
Share on other sites

Glad I could help out qwerty123. If you encounter any other conflicts between Immunet & the game or mouse apps let me know.

Best wishes, Ritchie...

  • Like 1

Share this post


Link to post
Share on other sites

Short-lived, I didn't adjust anything since then and haven't really been playing

Today I launched and kept the game open for a while doing minor stuff. Noticed many hours later that Immunet had popped up a whole bunch of warnings at some point. Not sure if it was during or after play.

image.png.040f393886417c28ec265e0987b3282c.png

Share this post


Link to post
Share on other sites

If you created a C:\Program Files Exclusion for the game that should have worked!

No mistakes can be made with spelling, spaces, etc... associated with the file path or the exclusion won't work. If you manually typed in the file path the first time around try using the Exclusion's "Browse" feature this time.

Also, try excluding the game's "entire Program Files folder" if you didn't last time.

Here's how...

Open Settings -> scroll down to Add New Exclusion & click on that -> click on the Browse button -> find the correct Program Files folder and click on the folder itself -> click on Add Exclusion -> click Apply -> click Close.

You can delete the old exclusion after you create the new one.

I hope this info helps qwerty123
Best wishes, Ritchie...

  • Like 1

Share this post


Link to post
Share on other sites

I wish a support person would/could add some insight into this issue. Adding the entire games' C:\Program Files (x86)\ folder directory to the exclusion list should have worked. Unless...

Immunet does have additional behavioral blocking capabilities too so maybe that's the issue. Immunet thinks that the games' executable is possibly "unknown malicious code" trying to execute on your system would be my extrapolation.

Mmm, try adding another exclusion for the file path of the executable file that's being shown with the warning dialog box. That is: C:\Program Files (x86)\Path of Exile\PathOfExile_X64.exe (great idea to add the screen-grab btw!).

Also, try turning off "Blocking Mode" in Settings too.

Regards, Ritchie...

 

  • Like 1

Share this post


Link to post
Share on other sites

Wow! I can't think of anything else for you to try qwerty123, I'm at a loss. Sorry I couldn't help ya bro!

I would normally recommend that you submit another FP report to the devs but the FP reporting URL seems to be non-functional at this time which comes as no surprise to me given the current circumstances.

With no technical support on this site anymore and other on-going issues (such as the FP URL not working & the continuing EX0 server error messages with this site to name a few) I know I'm starting to get quite perplexed as to why Immunet was/is being so neglected for so many months now.

I know there's a pandemic going on but other AV company's don't seem to have problems providing expert technical support for it's users in spite of that fact.

Must be that this software is a "extremely low" priory with Cisco right now.

If things don't improve soon I don't think I will want to remain involved with this project. That's how frustrated I'm becoming!

"I don't want to attempt to support, which I'm increasingly starting to believe is, just glorified abandonware for much longer!"

Everyone has only so much patience before it's expended.

Seeing software that once had such great potential (and still does actually) that I've been personally involved with for well over 10 years go by the wayside really sucks!

Ritchie...

  • Thanks 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...