ESS and EADM

I recently purchased a few games at the EA Store UK and started downloading them with EA Download Manager (EADM).

On every one of the games, ESS detected the serial authentication utility (like Mass Effect 2_code.exe) as being a variant of Win32/Kryptik.AMD trojan.

It also stated the following:
Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Electronic Arts\EADownloadManager\EACoreServer.exe.

This apears to be a false positive (at least according to EA) and, by deleting the serial authentication utility, it doesn't allow the game to install (since it doesn't find the utility nor a valid serial).

Now, I went to the quarantine and restored the files and added the EA Downloads folder to ESS's exclusion list. The games installed fine and are playable.

This post is just to warn about this false positive.

 

Thank you Ideafix. I will see if our research team can look into this.

Regards,
Richard

 

Hello. My name is Craig Nielsen and I work for Electronic Arts on, among other things, the EADM product. We have a fix/workaround for this issue coming out pretty soon.

I thought I'd share the details with the affected customers who end up in this forum as well as with the AV product makers in case this affects other applications the same way.

The problem appears to be a result of the AV program analyzing the files that are being downloaded in between buffer writes. EADM allocates the space required for the game installation files at one time then backfills them as the data comes in. In between buffers we were closing the file and thus allowing an opportunity for AV apps to scan that partial file. Now we keep the file open until completed.

Regards,
Craig Nielsen - Software Engineer for EA Download Manager
Electonic Arts - Redwood Shores, CA