Crusader Kings II is not a virus

The game Crusader Kings II by Paradox Interactive is reported by Comodo as a virus. It is sandboxed and so on.

I’ve been able to fix the problem myself before by allowing the game to connect and so on, but things have now gone from bad to worse. Comodo doesn’t even warn me that it’s quarantinening Crusader Kigns and the game just crashes on startup.

The problem has been going on for a year. I have reported this before. So have many other players of the game. Comodo hasn’t updated its wrong identification of Crusader Kings and it has caused problems for players. On the Paradox forums I’ve read about people who’ve changed AV because of this because they don’t want to fight every time the game updates with a new patch.

Last time I wanted this updated, they asked me to send a file. I am NOT going to send anyone my ckii.exe. That’s piracy. YOU update it now and get rid of the problem and let us play the game we paid for.

Please report any files wrongly flagged as malicious through this page.

Also, to make sure that the files aren’t sandboxed, you can submit them to be whitelisted in this topic.

That page asks me to submit a file. What file is that? I’m not going to send the ckii.exe anywhere. Besides, it’s larger than 10mb’s.

Hello Antiscamp,

Since you don’t want to give us the detected file, can you please check your Comodo Internet Security logs (assuming you are using the latest version they should be in “Tasks”>“General Tasks”>“View Logs” >“Show”> “Antivirus Events”) and let us know the complete malware name for any file belonging to the game that was detected. If possible also provide VirusTotal links for the same files (or SHA1 of the file(s) ). Thank you!

Best regards,
FlorinG

This is the “Malware” name that comes up in the log

TrojWare.Win32.ButeRat.PP@288352594

You can also upload it to VirusTotal and post a link to the results. That way Comodo can download the file through VirusTotal.

Hello Antiscamp,

Please provide a VirusTotal link or the SHA1 of the detected file so we can fix this.

Best regards,
FlorinG

Is this what you mean?

Hello Antiscamp,

The sample you have provided details about has been whitelisted, can you please check if everything is alright now?

Best regards,
FlorinG

Well, I’m playing Crusader Kings II right now without any sort od startup problems for the first time in a year, so yes, the problem is solved. I scanned the Crusader Kings files with Comodo and it returned no problems at all. I then started the game and it fired up alright.

This saves both Comodo and Paradox a lot of trouble, and I personally know how to proceed to report if there are problems in the future.

Thank you guys for your swift work! I’m now going to share the news on the Paradox forums as well to let other players know that it works fine.

:slight_smile:

I am having the same problem. Here is a link to VirusTotal.
Do we have to send these files on every update of the game or can you fix your detection system?

Hi Mavromatis,

Thank you for reporting this.
Can you please submit the detected file to us. so we can check it.
(Comodo Antivirus Database | Submit Files for Malware Analysis)

Regards,
Priyadharsini.G

I had the same issue as well. Here is the VirusTotal link.

The file is larger than 10 MB, so cannot be submitted via the link you provided.

Incidentally, before finding this thread, I attempted to use the live support via GeekBuddy that the prompt informing me of the ‘malware’ suggested. The person at the other end tried to pressure me into upgrading from the free version of Comodo, buying one of the professional versions, saying that I could not be helped until I did so. Rather annoying, and I’m glad I googled the ‘virus’ name while chatting, and found this thread.

Hi Jorlem ,

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Qiuhui.■■■■

Hi Jorlem,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <16447> of Comodo Internet Security Version<6.1.276867.2813> and confirm it.

Best regards
Srinivasan.G

I don’t think that update fixed it. I got the same false positive today.

Here is my Total Virus Link VirusTotal

Hi JakTar,

Thanks for reporting.
Could you please submit the detected file at
Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.

Regards
Qiuhui.■■■■

Can’t you harvest files from vt ? … 88)

Yeah…AFAIK vendors have access to the database…

I tried. Its too large as per previous posts from others earlier in this thread.