Malware warning when installing mandatory update after sim reinstall

Are you using Developer Mode or made changes in it?

No

Have you disabled/removed all your mods and addons?

Yes, just reinstalled MSFS today (onto D-drive) after formatting the D-drive. Windows 10 was also installed new about 2 weeks ago. All flightsim-related software removed before.

Brief description of the issue:

Sim resinstall after MSFS kept “not responding” in task manager and various other issues. All flightsim-related software/addons uninstalled (using Revo uninstaller). Formatted D-drive, installed sim on the D-drive. After the initial 125GB install (i.e., no WU or Marketplace installs), restarted PC and started sim. At the “checking for updates” screen, there was a manadatory update of 2.56GB trying to install microsoft-airport-kffa-firstflight-0.9.7.fspackage, during which a Windows Defender warning popped up. Installation “finished”, but upon restarting the sim, the same update wants to install, with the same error from Windows Defender. There is no way to exit this loop.
It’s been reported by a number of other people in the last 6 hours in [an older thread here].(Su 11 update failing)

Provide Screenshot(s)/video(s) of the issue encountered:

2023-03-19 17 01 28
2023-03-19 17 03 35

Detailed steps to reproduce the issue encountered:

Restarting sim.

PC specs and/or peripheral set up if relevant:

As this is a new install, no peripherals except keyboard and mouse, one external screen. Lenovo T7, i7-10700KF, 32GB, 3060ti.

Build Version # when you first started experiencing this issue:

1.30.12.0


:loudspeaker: For anyone who wants to contribute on this issue, Click on the button below to use this template:

Do you have the same issue if you follow the OP’s steps to reproduce it?

Provide extra information to complete the original description of the issue:

If relevant, provide additional screenshots/video:

Do you have the same issue if you follow the OP’s steps to reproduce it?

Yes, same file and program version / update, different Trojan/Backdioor.

Provide extra information to complete the original description of the issue:

Also present on the game via Steam, bought today, installed as a fresh install.
Windows 11 system, Windows Defender 1.385.456.0 dated 19Mar2023 @ 04:43
Affected file is in my case automatically removed, and MSFR is unable to complete the install.
Ingame notification of pending update, upon executing that update, the same Malware notification arises.

If relevant, provide additional screenshots/video:

Got this when downloading from steam.

update: Fresh install no old files and on a fresh installed windows 10.

1 Like

My MSFS (store) is fully updated and a Windows 11 defender scan shows no threats detected. It seems something else on your system has opened a back door.

1 Like

Yes, latest Windows 10 & WD updates (did it at 16z and again five minutes ago). When installing the above package, WD says threat detected on decompression of the package, there is the above “current threat” notifications. After “start actions”, file is (probably) removed and WD shows no threats upon new scan. Process repeats when restarting MSFS.

1 Like

It has been confirmed that the latest definition update is flagging MSFS. We have escalated to Microsoft.

8 Likes

Do you have the same issue if you follow the OP’s steps to reproduce it?

Yes, same as OP, reinstalling it and downloading content triggers Defender; with a different threat name.

Provide extra information to complete the original description of the issue:

I decided to do a clean install in a new drive and once the installation manager started downloading packages, Windows Defender said it had found and removed a threat.

If relevant, provide additional screenshots/video:

2 Likes

Do you have the same issue if you follow the OP’s steps to reproduce it?

Provide extra information to complete the original description of the issue:

Exact same report from Windows Defender.
Immediately searched on the web for info.
Went back to Windows Defender and threat was not showing, not showing in history

If relevant, provide additional screenshots/video:

1 Like

Thank you. FYI: there have been two or three WD updates since 22z last night, and with each one, the message changes for me between either the Bladabindi or the Wacatac warning.

2 Likes

I just got the same warning (twice) from Windows Defender while performing a clean install of MSFS on a brand new PC. So, this is a false positive, correct?

I almost had a heart attack when a saw these two warnings pop up. As I mentioned above, this is a brand new PC. I’ve installed very few programs on it so far, and most of those are MS programs. It has to be MSFS. ■■■.

Did one of MS’ servers get hacked? Would they even tell us if one (or ten) did?

1 Like

Yeah, likely a false positive due to a bad definition of malware/trojans. WD removes the file immediately, that’s why MSFS is asking to install the same update over and over when restarting the sim. So probably no threat to our systems. I’ll just sit this one out until WD has an update with better definitions. Tbh, given the amount of issues I’ve been having with the sim, this is the least of my problems because at least I know what’s causing it and I don’t waste hours guess working with troubleshooting that doesn’t work.

3 Likes

I got this same warning. I installed MSFS over night and woke up to two malware threat warnings:

  1. Backdoor:Win32/Bladabindi!ml
  2. Trojan:Script/Wacatac.H!ml

Both from this file:
D:\FlightSimulator\Official\Steam\microsoft-airport-kffa-firstflight-0.9.7.fspackage.part

My pc is a brand newly build pc only a couple of weeks old with a handful of games installed from Epic and Steam and handful of purchased apps I can count on ten fingers. The only thing that makes sense is this is a false positive. But NOT a great first impression of MSFS.

2 Likes

The file (microsoft-airport-kffa-firstflight-0.9.7.fspackage.part) shows no malware when scanned through virustotal.

I’m having the same issue today when trying to install a fresh copy same airport and error

1 Like

Thank you for reporting this! We are escalating this issue to the appropriate teams at this time.

4 Likes

Wish I checked the forums before formatting and reinstalling windows several times :smiley:

At least I didnt go down the insane malware road trying to clean it.

My system is also brand new.

Can we remove it from quarantine or whats the plan?

1 Like

Don’t know, but that’s not an option for me anyway. Only have Windows Defender and WD just eats it, no quarantine :sweat_smile:

1 Like

Even after removing the Defender app (“recently installed”), the start-up of MSFS (always a bit slow) is now taking 10 -15 minutes. The internal conversation in Microsoft (“Would this update affect any of our OWN games?”) is apparently not working at all. I will not add the qualifiers I would normally use for this type of behaviour, you can think of them yourselves at MS; they are not ‘service oriented’

Hm, not sure if your post adds anything in a thread about a clear bug that has been acknowledged twice and which has already been escalated. I understand your frustration, I’ve spent the entire weekend troubleshooting, but this is unnecessary and unhelpful.

1 Like

Do you have the same issue if you follow the OP’s steps to reproduce it?

Yes

Provide extra information to complete the original description of the issue:

This has been a new issue; - occurring within th e last week only

If relevant, provide additional screenshots/video:

N/A

1 Like