11 replies to this topic

[wiesshund]

So as the title says, you may find, if you are running an internet connected PC and using windows defender for anti virus and get the Oct 2 2020 1.325.72.1 update, AND you happen to run Future Pinball

And you run tables that use DOFLinx (whether you have the hardware or not)

 

That suddenly, you can not launch those tables and get an error that FF_Init is undefined

 

And you will check, and find that DOFLinx.vbs is safe and sound in the scripts folder, and you have not changed a thing
and now you are saying WTF why does this suddenly not work???????

 

 

I just found out that it is not working because Defender is blocking Future Pinball.exe from executing external scripts.

 

How did i find this out?
I took a table that did not need DOFLinx, and i simply put in the line to execute the external script

This would of course load the table error free, and in a perfect world, the script would be wholly ignored as the table did not use it.

But, i got a giant ass red error box that said Your anti virus has blocked Future pinball from doing ExecuteGlobal LoadExternalScript

 

I submitted a copy of future pinball.exe and DOFLinx.vbs to MS, with an 1890 word explanation of what was going on, and why that would be unwanted Defender behavior, but who knows when they will address that, especially as no FP author/developer will be contacting them.

 

Here is picture of what you would see, if your table had not already gone beyond that point and tried to run FF_Init
You wont see this error on a real DOFLinx table as it will move beyond that too fast, and all you will see if the FF_Init failure

 

Now the good news part.
You can fix this.

 

 

Open windows security (just type that in the search box)

click the shield in the left icon bar

scroll down and click manage settings

 

click to add an exception and pick file

point it at future pinball/scripts/DOFLinx.vbs

Now your DOFLinx tables will run again.

 

Antiviruses in general, not just MS's, are getting a bit obnoxious with the every vbs is evil thing

they flag my own self written Not remotely malicious vbs scripts as various worms and trojans etc.

 

 

Anyways, i hope this helps someone avoid a bad and frustrating evening when all they wanted to do was play a game of pinball

 

 

[EDIT]
VPX seems to do things a bit differently as i did not notice defender jerking it around, but then VPX does DOF internally

Oh and the funny thing is, defender does not scan DOFLinx.vbs as malicious, so it must be the way that FP attempts to make use of it that pisses it off.

Edited by wiesshund, 03 October 2020 - 07:59 AM.

[TerryRed]

FP by design, restricts access to outside applications.

 

DOFLinx uses it's own method of working with memory slots,etc to allow communication between the FP script and DOFLinx.

 

PinEvent works different in that it accesses DOF / PuP directly similar to VPX (via COM object)... but you need BAM to allow this to work using the iCOM plug-in.

 

So, it's most likely Windows simply not liking either method being used is the real problem (not the vbs files), hence why Defender specifically needs to be disabled (not just exceptions added) to allow both to work on some people's setups.

 

That said.... you still want Defender off as it does cause problems with stuttering on some specific tables on both FP and VPX. Adding exceptions aren't good enough.

 

Myself, I've always had Defender completely disabled for all things related to VP / FP / PuP / DOF, etc.

Edited by TerryRed, 03 October 2020 - 08:18 PM.

[wiesshund]

hence why Defender specifically needs to be disabled (not just exceptions added) to allow both to work on some people's setups.

 

That said.... you still want Defender off as it does cause problems with stuttering on some specific tables on both FP and VPX. Adding exceptions aren't good enough.

 

Myself, I've always had Defender completely disabled for all things related to VP / FP / PuP / DOF, etc.

 

Bad choice unless your cabinet is totally offline, in which case you dont need any AV for an isolated system, it cant get anything you dont give it from someplace else.
You would have already scanned your content on the PC you downloaded it with.
But a lot of people's cabinets have WIFI and internet connections and interface with other devices on their home networks, and a lot of people have no cabinet at all
and use the same PC for everything, from playing pinball to doing their banking.

 

fwiw I have had no issues with it shuddering any tables beyond updating a ball at 200+ fps on a monitor that only refreshes at 60Hz which is cured by syncing to refresh

AV wise, only suddenly deciding it doesn't want FP to execute the external, which i rectified by telling it the vbs and the process were ok to let work together.

 

I'd not recommend running blindly from download to cabinet, we use VBS for these things
and it will do what ever it is told to do, table function or otherwise.
If one was of the mind to, one could put something very malicious in a table.

 

At least scan and review the stuff else where, before tossing it in your internetless cabinet
 

[GeorgeH]

I have Windows Defender and have played DOFLinx tables on my Win 10 PC.  I have not gotten the meditation error you posted.  I don't have a full install of DOFLinx but just add the DOFLinx.vbs file to the scripts folder so I can play the tables.  I am not sure why I have never gotten the error. 

 

I have had problems with Windows Defender scanning "execute" and "eval" commands in the script.  The real time protection scans these commands when they run and slows the frame rate on FP sometimes bringing all game play to a halt  Whenever I mod a table, I always look at the script and change the script to not use these commands unless I am sure a ball is not in play when these commands run.  You can remove FP from the scanner but it does not affect real time protection. 

[GeorgeH]

So as the title says, you may find, if you are running an internet connected PC and using windows defender for anti virus and get the Oct 2 2020 1.325.72.1 update, AND you happen to run Future Pinball

And you run tables that use DOFLinx (whether you have the hardware or not)

 

That suddenly, you can not launch those tables and get an error that FF_Init is undefined

 

And you will check, and find that DOFLinx.vbs is safe and sound in the scripts folder, and you have not changed a thing
and now you are saying WTF why does this suddenly not work???????

 

 

I just found out that it is not working because Defender is blocking Future Pinball.exe from executing external scripts.

 

How did i find this out?
I took a table that did not need DOFLinx, and i simply put in the line to execute the external script

This would of course load the table error free, and in a perfect world, the script would be wholly ignored as the table did not use it.

But, i got a giant ass red error box that said Your anti virus has blocked Future pinball from doing ExecuteGlobal LoadExternalScript

 

I submitted a copy of future pinball.exe and DOFLinx.vbs to MS, with an 1890 word explanation of what was going on, and why that would be unwanted Defender behavior, but who knows when they will address that, especially as no FP author/developer will be contacting them.

 

Here is picture of what you would see, if your table had not already gone beyond that point and tried to run FF_Init
You wont see this error on a real DOFLinx table as it will move beyond that too fast, and all you will see if the FF_Init failure

 

Now the good news part.
You can fix this.

 

 

Open windows security (just type that in the search box)

click the shield in the left icon bar

scroll down and click manage settings

 

click to add an exception and pick file

point it at future pinball/scripts/DOFLinx.vbs

Now your DOFLinx tables will run again.

 

Antiviruses in general, not just MS's, are getting a bit obnoxious with the every vbs is evil thing

they flag my own self written Not remotely malicious vbs scripts as various worms and trojans etc.

 

 

Anyways, i hope this helps someone avoid a bad and frustrating evening when all they wanted to do was play a game of pinball

 

 

[EDIT]
VPX seems to do things a bit differently as i did not notice defender jerking it around, but then VPX does DOF internally

Oh and the funny thing is, defender does not scan DOFLinx.vbs as malicious, so it must be the way that FP attempts to make use of it that pisses it off.

I guess I spoke too soon.  Maybe it took awhile for me to get the update.  I am not getting the same message as yours.  Instead, I get the message "Variable is undefined FF_Init" which is the same message you get if you don't have the DOFLinx.vbs file saved to the scripts folder.  (I do have it saved there).

 

I tried adding the exclusion like you said but it didn't work.  After I tried to play the DOFLinx table, I got a message on Defender that I had a severe trojan named "Trojan:VBS/Mountsi.A!ml".  After opening the "Virus and Threat Protection" option (with the shield as you describe).  I expanded out the threat option and found a button that says "Actions", clicked on it and then selected "allow on Device".  That fixed it.  I was able to play DOFLinx tables again.  I as able to remove the exclusion that I saved following your directions and it still worked.  I don't why it was different for me than you. 

Edited by GeorgeH, 08 October 2020 - 08:58 PM.

[wiesshund]

This may be easier.
In admin powershell windows do the following

 

Add-MpPreference -ExclusionPath "c:\emulation\VPX\Scripts\*.vbs"

Add-MpPreference -ExclusionProcess "c:\emulation\VPX\VPinballX.exe"

Add-MpPreference -ExclusionPath "c:\emulation\VPX\Tables\*.vbs"

Add-MpPreference -ExclusionProcess "c:\emulation\FP\Future Pinball.exe"

Add-MpPreference -ExclusionPath "c:\emulation\FP\Scripts\*.vbs"

 

change paths to match your own of course

[GeorgeH]

I checked and the Oct 2 2020 1.325.72.1 update has not been installed yet.  I think the cause may have been a definition update that erroneously identified the file as a trojan.  It might explain the differences we had in the messages we recieved. 

[wiesshund]

AV identifies VBS that i wrote myself and that is not capable of doing anything malicious, as all it does is make cortana talk when the PC is going to shut down
And greets you when you log in to windows.

 

Go figure

 

Keep those exception lines handy though, you will need them in the near future, or you can add them now and call it done

[Slydog43]

Great advice, I already have my anti-anti-virus.txt file with things very similar.  Can't believe more people have not complained.  Your stuff is better than mine, updating, thanks.

[GeorgeH]

I posted a case on Microsoft's web site requesting they resolve the false positive.  Maybe this will go away eventually. 

[TerryRed]

Neither my cabinet or my main test PC have Defender or any anti virus actively running. If you understand how viruses work, and are careful with your activity, then you can be fine without it (not something a lot of people can do, I know)

 

Its been many years, and so far so good... no virus or malware. I add exceptions to everything VP / FP related regardless, and on occasion I'll re-enable Malware Bytes and do a scan. After all these years and the same HDD's being used on multiple PCs and cabinet....which are always online....  no problems yet. It's probably why I never see most of the problems many do who use Defender,etc and don't know the damage it can do with false positives, or Windows blocking files. Makes for some very frustrating support for PinEvent / DOF / DOFLinx / PUP. Those programs and FP / BAM run fine without any issue...but Win 10 updates and protection can make things a pita for those who aren't tech savvy...and for me when they cry my table updates and pup-packs don't work "for them"...blah!

Edited by TerryRed, 10 October 2020 - 06:46 PM.

[GeorgeH]

I posted a case on Microsoft's web site requesting they resolve the false positive.  Maybe this will go away eventually. 

Microsoft has fixed the false positives on Windows Defender when the "DOFLinx.vbs" file runs for these two trojans:

 

Trojan:VBS/Mountsi.A!ml

Trojan:O97M/Mountsi.D!ml

 

At least it works on my PC now. 

 

I think you should be able to simply update your definitions; however, the analyst provided these steps to clear cached detection and obtain the latest malware definitions if you need it.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender

2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

3. Run "MpCmdRun.exe -SignatureUpdate"

 

Alternatively, the latest definition is available for download here: https://www.microsof...dsi/definitions