nasch007

Member
Gender
Male
Greetings,

I have had no issue setting up and playing this game from home. Coming from an Ultima server. I didn't transfer I just heard this is a better community so I decided to download Ephinea and start from scratch.

At home I have no issue. At work, however, when I launch the game I get ! DLL ERROR ! on the main screen. Everytime the launcher opens, it tries to update ephinea.dll.

I see the file in the folder, but then it disappears.

I believe this file is a false-positive for Sophos anti-virus. Is there a way to digitally sign the file or something like that so it is ignored by Sophos? I don't have access to Sophos' settings since they are controlled by the Network Administrator... I can't exactly ask for it to be unblocked so I can play games :)

What say you? Do I have any options? Or am I boned?
 

Sodaboy

K-RAD!
Staff member
Gender
Male
Guildcard
11111111
Firstly, you shouldn't be playing at work. ;)

But, I don't know if digitally signing the DLL will help. If you can't white list it in your AV program, you're probably boned. I can try to contact Sophos and ask them to white list it since it's not a virus. Antivirus programs are very aggressive to 3rd party applications, though, and you can expect the DLL to be updated over time, so if they only white list one version, it wouldn't be helpful.

Oh, an alternative EXTREME you could do would be to set up a VM using using Workstation Player at https://www.vmware.com/products/player/playerpro-evaluation.html

Download the game using that and install it, then the AV wouldn't even realize it's there.

Just some EXTREME workaround...

I'm surprised they don't even allow you guys to put manual exceptions at your job without contacting the IT. :p
 

nasch007

Member
Gender
Male
Firstly, you shouldn't be playing at work. ;)

But, I don't know if digitally signing the DLL will help. If you can't white list it in your AV program, you're probably boned. I can try to contact Sophos and ask them to white list it since it's not a virus. Antivirus programs are very aggressive to 3rd party applications, though, and you can expect the DLL to be updated over time, so if they only white list one version, it wouldn't be helpful.

Oh, an alternative EXTREME you could do would be to set up a VM using using Workstation Player at https://www.vmware.com/products/player/playerpro-evaluation.html

Download the game using that and install it, then the AV wouldn't even realize it's there.

Just some EXTREME workaround...

I'm surprised they don't even allow you guys to put manual exceptions at your job without contacting the IT. :p

HEH. Of course I shouldn't, but... I run a 200 seat computer lab and it gets awwwfullly slow at nights. Having something like PSO is perfect because it will drain the long hours and I can always pause and come back to it and stuff.

If you could ask Sophos to whitelist ephinea.dll that would be awesome. I have no idea why Ultima would run but apparently they don't trust yours lol. I thought about submitting the sample and asking them to whitelist but I can't have it come back to me (for obvious reasons ;) )

In the meantime, there is a workaround... of course it involves editing the services and turning OFF the virus scanner but of course that's never a good idea.

I thought about a VM but I fear it may drag my machine... there's a lot of other programs I run too. That and I don't know if a VM would have direct hardware access to the video card. Sounds like a long, worst case scenario type workaround. But if Sophos doesn't get back to you then I'll do what I must.

Thank you for the quick response and thank you for the work on the server. Until now this has been a lot more painless than Ultima.
 

nasch007

Member
Gender
Male
Sorry about the double post, by the way. I didn't realize Ephinea had it's own section when I posted earlier.

Thanks again!
 

nasch007

Member
Gender
Male
Thought I should update. Sophos detects the ephinea.dll file as "Mal/EncPk-AAL". I don't know if that is useful information if you're going to report it or if they ask.

Thanks again!
 

Mylandra

Member
No, that's not how it works, if you report the file as a false positive to the company, all they fill do is unflag that specific hash after analyzing the file which is going to change on the next update therefore making this operation useless lol

If an antivirus flags a file as « malware » because it's encrypted, it's mostly to do with malware encrypting their code to hide themselves and if the antivirus can't read the data properly, it will flag it for you to be careful with said file as it cannot determine it's legitimacy.

Under normal circumstances, you can say it's fine I take the risk of running it regardless of its content, but since you're at job, you can't just ask the admin to allow such files on the network. It'd be a huge security breach for your job network if you could just add any random file to the antivirus white list.
 
Last edited:

nasch007

Member
Gender
Male
No, that's not how it works, if you report the file as a false positive to the company, all they fill do is unflag that specific hash after analyzing the file which is going to change on the next update therefore making this operation useless lol

If an antivirus flags a file as « malware » because it's encrypted, it's mostly to do with malware encrypting their code to hide themselves and if the antivirus can't read the data properly, it will flag it for you to be careful with said file as it cannot determine it's legitimacy.

Under normal circumstances, you can say it's fine I take the risk of running it regardless of its content, but since you're at job, you can't just ask the admin to allow such files on the network. It'd be a huge security breach for your job network if you could just add any random file to the antivirus white list.
So then the only way around it is if the .dll file is incorporated into the exe or if the .dll is made unencrypted? I see a lot of people on the forums asking about this (game crashes/keeps patching/fails to launch) and the solution/issue is almost always the virus scanner. What are the odds of yall just unencrypting the .dll so it doesn't give off false positives for malware? Yall made Telethea open source, right? Not saying Ephinea should be open source but not encrypting the .dll could save a lot of people some headaches. Just something to think about. I loathe the thought of going back to Ultima :(

Thanks for your help and attention to this issue.
 
Top