[SOLVED] EasyAntiCheat false positive

Container for RESOLVED incidents, queries SOLVED by the experts, EXPIRED topics or those that have been CLOSED by the users.
Locked
User avatar
EasyAntiCheat
Registered user
Registered user
Posts: 1
Joined: Tue, 01 Mar 2016, 20:40

[SOLVED] EasyAntiCheat false positive

Post by EasyAntiCheat » Tue, 01 Mar 2016, 20:56

Hi,

We have a problem with Panda Antivirus which is preventing EasyAntiCheat service from starting and loading our Windows kernel driver into memory. We have sent our software package (including kernel-driver and code-signing certificates) to falsepositives@pandasecurity.com at 22.2.2016 but we have not received any response. Could you inform us what is the situation of this false positive request?

Let me explain this issue in more detail:

EasyAntiCheat is a game security solution used to prevent hacking in online PC-games. We work by sandboxing the game and our kernel-driver protects any code injections, hacking attempts etc. to the game process. Due to the way EAC works we have had problems with other anti-virus companies as well, and we are a trusted white-list partner with many of the major security companies. Companies/products such as F-Secure, Avira, Avast, G-Data and Symantec have white-listed our code-signing certificates in order to solve the false positive issue completely. This means that when our software changes it won't cause the white-listing suddenly to stop working.

The problem is that in order to white-list EasyAntiCheat you would need to white-list our code-signing certificate that is used in the EasyAntiCheat.sys file (our Windows kernel-driver). The kernel driver is streamed from our CDN every time the player opens the EAC protected game and the streamed kernel-driver might change sometimes 5-10 times a day. This means that any checksum-based white-listing won't work as the checksum could change in a matter of hours.

I hope that you can forward our message to some higher level department in your company that handles requests like this. Panda blocking EasyAntiCheat is not a major issue for us but I would assume that it will give a bad impression from your software as EasyAntiCheat is being used in over 14 popular PC-games and we have over 300 000 daily unique users world-wide. During the last 1,5 years EasyAntiCheat has been used by over 12 million unique users around the world, so this issue might be a real burden for your customers as they need to completely disable Panda in order to play any EAC protected game.

User avatar
VirusBuster
Official moderator
Official moderator
Posts: 7596
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: EasyAntiCheat false positive

Post by VirusBuster » Thu, 03 Mar 2016, 17:04

I have created a folder in our FTP for you to upload the files
I'll send you a PM with the access details in a few minutes
Regards,

Image
Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them

User avatar
VirusBuster
Official moderator
Official moderator
Posts: 7596
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: EasyAntiCheat false positive

Post by VirusBuster » Wed, 27 Apr 2016, 16:20

Hi

I have just received the confirmation that the whitelisting will be completed with tomorrow's signature update/synchronization
Regards,

Image
Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them

Locked

Return to “Virus - Archive Issues”