Sophos Anitvirus Blocking Everquest

Discussion in 'Player Support' started by Looming, Jun 19, 2018.

  1. Looming New Member

    While I understand this mot likely is something not related to a change in EQ, it seems pertinent to share that this happened and only recently.

    Simply put when trying to login to a server Sophos antivirus has terminated everquest with the report following below.

    I am busy this morning so don't have time to really figure out why the change, it has been about 5-6 days since I have logged on to EQ using this computer. Wondering if this is a common occurrence for anyone else. The trace is a bit interesting....


    Mitigation Anti-VM

    Platform 6.3.9600/x64 v617 06_3a
    PID 11352
    Application C:\Users\Public\Daybreak Game Company\Installed Games\EverQuest\eqgame.exe
    Description eqgame.exe

    VirtualPC
    Process Trace
    1 C:\Users\Public\Daybreak Game Company\Installed Games\EverQuest\eqgame.exe [11352]
    "C:\Users\Public\Daybreak Game Company\Installed Games\EverQuest\eqgame.exe" patchme /ticket:dh36rsYtEIZt3eOY
    2 C:\Users\Public\Daybreak Game Company\Installed Games\EverQuest\LaunchPad.exe [9892]
    3 C:\Windows\explorer.exe [5916]
    4 C:\Windows\System32\userinit.exe [7808]
    5 C:\Windows\System32\winlogon.exe [5528]
    C:\WINDOWS\System32\WinLogon.exe -SpecialSession
    6 C:\Windows\System32\smss.exe [3148]
    \SystemRoot\System32\smss.exe 00000000 00000050 C:\WINDOWS\System32\WinLogon.exe -SpecialSession
    7 C:\Windows\System32\smss.exe [372]
    \SystemRoot\System32\smss.exe


    Hope everyone else is logging in fine!
  2. AlmarsGuides Augur

    My computer speak isn't too good but I think the end of that crash is Everquest trying to launch Internet explorer; which it does when you log out on a Silver or Free to Play character.

    Also, never heard of Sophos Antivirus
  3. Numzan Augur

    You will have to exclude it, and any processes that come after.
    Corwyhn Lionheart and moogs like this.
  4. moogs Augur

    They're one of the best in the business. For the most part, their tools are not very intrusive and allow users to get on with their daily business. Besides antivirus, they have tools to lock down and trace the source of ransomware attacks and other emerging threats. (Also, their North American HQ is 1km from my home.)
  5. jeskola pheerie

    This is EQ's Virtual Machine (VM) detector. Running eq through a VM is supposed to be a perma-bannable offense. Sophos is considering this detector a malicious intrusion.
  6. Looming New Member

    I am a bit confused by this. I am on a Lenovo Thinkpad, using Windows 8.1 Enterprise using the Everquest launcher, in what way am I breaking the Eula?

    I think you are correct with the source of the issue, which I guess relates to some recent update from Sophos( or maybe there addition of ) as I have been using this computer with Sophos for several years. I guess I will get banned and you'll gladly never see me again! I'll find away to make en exception in Sophos for the VM detector.
  7. Sirene_Fippy Okayest Bard

    I have used these exclusions for AV software for past few years. The last time I had a problem was with AVG (I think) and I switched to something else. These days I use windows defender.

    [IMG]
  8. CatsPaws No response to your post cause your on ignore

    Sophos thinks the VM detector that EQ uses is a virus. Its not that EQ thinks you are actually running anything wrong. Its on Sophos side not EQ side. This happens with a few EQ files now and then - anti virus programs up date and think something in EQ is a virus. Just make the exception and you'll be fine. :)
  9. moogs Augur

    You're not doing anything wrong. Daybreak is.
    jeskola likes this.
  10. Geroblue Augur

    I have my anti-virus set to 'ask me and I'll let you know'. Basically, it pops up a requestor. On the resquestor it says 'allow' and 'don't allow'. It saves my choice.
  11. MaddielynBlackStar Lorekeeper

    So you can't use Wine and Linux anymore?
  12. jeskola pheerie

    The vm detector from eq is not new, only the sophos malicious software flag is.
    [IMG]