Jump to content

CFSM 1.5.3.0 virus when saving/downloading


jamiegrover1973

Recommended Posts

  • Developer

Based on a number of recent reports, the latest Windows Defender update doesn't play well with CFSM.   Rest assured it is a false positive.  Just allow CFSM to run when Defender asks.

  • Like 1

Are you tired of AV False Positives???  Now accepting donations on my website (Click Here)  Your donation will be used towards buying a code signing certificate.   CGT is now compatible and safe to use with Rocksmith® 2014 Remastered ... 

 

Latest Build of Custom Game Toolkit (CGT) w/ Game Save Gigbox       Latest Build of Rocksmith Toolkit       Latest Build of Customs Forge Song Manager (CFSM)

 

All bug reports and help requests please include your: OS, CPU, AV, .NET Framework versions along with a description of the issue (include screenshots of error if possible).  It should go without having to say ... make sure you are using the latest build before submitting bug reports or asking for help.

 

*  Remember to use your magic words (please and thank you) if you would like a response.  Don't use phrases like 'thanks anyhow' as it is demeaning.

Link to comment
Share on other sites

If CustomsForgeSongManager.exe already been taken out by windows defender (like mine was) you can do the following to restore the file

 

- Hit the windows key, and type Security :"Windows security" will show up at the top of the start menu. hit enter

 

- The window that pops up should say "security at a glance"  and right below that you should see a shield that says "virus & threat protection"

 

- Click on the shield and then a new menu will show up

 

- look under the heading "Current threats" and you should see a link called "Protection History" > click on it.

 

- In this menu that comes up next, you will see "threat blocked", Threat quarantined" or "Threat removed or restored" >click on the arrow of the item that is closest to the time of you trying to open CFSM.

 

- When you click on the arrow down it will pop up with a User Access Control window, click yes to allow access

 

- After accepting the UAC window, In here is where it will give you details about what defender has blocked, and why. 

 

- Under Affected items,  You should see the following (you might only see one of them, in which case go and look at the threat from the list below.  - These three are the shortcuts and the main program itself.)

  • file: C:\Program Files (x86)\CustomsForgeSongManager\CustomsForgeSongManager.exe
  • file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustomsForge Song Manager\CustomsForge Song Manager - Latest Build.lnk
  • startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustomsForge Song Manager\CustomsForge Song Manager - Latest Build.lnk - Click on the arrow on the right side that says “Actions” then click “Restore” 

 

It should then restore CustomForgeSongManager  and any associated links back to their original homes.

 

Hope this helps!!! 

Link to comment
Share on other sites

  • Developer

@Starchyld  Any idea why Defender is quarantining these two files? 
 

  • file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustomsForge Song Manager\CustomsForge Song Manager - Latest Build.lnk
  • startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustomsForge Song Manager\CustomsForge Song Manager - Latest Build.lnk - Click on the arrow on the right side that says “Actions” then click “Restore”

All they are is freak'n shortcuts.  Just goes to show how fluky Defender is being.  I am currently searching for workarounds.  Thanks for explaining the file restore process to users.
 

Are you tired of AV False Positives???  Now accepting donations on my website (Click Here)  Your donation will be used towards buying a code signing certificate.   CGT is now compatible and safe to use with Rocksmith® 2014 Remastered ... 

 

Latest Build of Custom Game Toolkit (CGT) w/ Game Save Gigbox       Latest Build of Rocksmith Toolkit       Latest Build of Customs Forge Song Manager (CFSM)

 

All bug reports and help requests please include your: OS, CPU, AV, .NET Framework versions along with a description of the issue (include screenshots of error if possible).  It should go without having to say ... make sure you are using the latest build before submitting bug reports or asking for help.

 

*  Remember to use your magic words (please and thank you) if you would like a response.  Don't use phrases like 'thanks anyhow' as it is demeaning.

Link to comment
Share on other sites

I am assuming that it is flagging the shortcuts mainly because the reference the exe file.   that way you dont wonder where the exe file went....

 

The exe is being flagged as threat detected:  Trojan:Win32/Zpevdo.A

 

I reported it to microsoft as being a false positive.  Sophos home does not seem to think its a threat at all.  

Link to comment
Share on other sites

I always run into this problem everytime Windows Defender get an update.  CustomsForgeSongManager.exe is always being flagged as a trojan and automatically quarantined.  I had to go to the threat history and unquarantine the file.

 

Since I needed to update CFSM,  I uninstalled and downloaded the latest build.  I had to do the following extra steps before unpacking the .rar file:

 

1) Right click on the installer archive and choose properties.

2)  If your file is suspected as a virus, it will have a security option in the General settings,  put a check mark on the unblock option.  Click apply exit.

3) Unpack and run the installer.

 

If you don't want Windows Defender removing the executable everytime there is a Windows Defender update, do the step below, but may be risky:

4) To insure Windows Defender won't remove the executable, go to the Virus & threat protection settings.  Add the executable CustomsForgeSongManager.exe in the exclusion option so it does not get flagged as a virus.  

 

Now, Windows Defender will not flag and quarantine the file any longer.  The only problem here is if in the future that if it is actually infected, then my machine will be hit by a trojan. 

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

By using this site, you agree to our Guidelines. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. - Privacy Policy