Szkieletor73x
New Spectator
2 months ago

Javelin temporary files flagged by anti-virus

Every time the game is launched, a Windows Defender pop-up appears, informing me that it blocked a threat. The flagged file is C:\Windows\SystemTemp\Tmp####.tmp, where #### are random numbers, different on every launch. The specific threat detected is VulnerableDriver:WinNT/Winring0.

Basically, outdated versions of the Winring0 driver expose a CVE that can be used by third parties as an attack vector. I am using other kernel-level software that uses this driver, such as Rivatuner, OpenRGB or HWMonitor, but I'm 100% sure this specific case is related to Javelin Anti-Cheat, as the pop-ups only appear when I launch BF6, and at no other point.

This is a problem for three main reasons. One, it's a vulnerability that should be taken seriously and it's frankly quite the amateur move for EA to ship the anti-cheat with this CVE. Two, the constant Defender pop-ups are annoying, and some affected users might think they actually got infected. Three, I don't want to get banned because Defender accurately identified a threat, and disrupted some functionality triggering an anti-cheat flag.

Reproduction steps: launch BF6 via Steam with the latest version of Windows Defender active. Confirmed with version 1.441.104.0, on Windows 11 Education.

1 Comment

  • mikQQQL
    Seasoned Newcomer
    2 months ago

    Yup, same issue here, every time I launch BF6 my Windows Defender is triggered by the Winring0 driver.

    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    You can find more information in the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=VulnerableDriver:WinNT/Winring0&threatid=2147937641&enterprise=0 
    Name: VulnerableDriver:WinNT/Winring0 
    ID: 2147937641 
    Severity: Serious 
    Category: Trojan 
    Path: file:_C:\Windows\SystemTemp\Tmp2B85.tmp 
    Registration origin: Local computer 
    Registration Type: FastPath 
    Registration source: Real-time protection 
    User: NT AUTHORITY\SYSTEM 
    Process Name: C:\Program Files\EA\AC\EAAntiCheat.GameService.exe 
    Security Intelligence Version: AV: 1.441.168.0, AS: 1.441.168.0, NIS: 1.441.168.0 
    Program version: AM: 1.1.25100.9002, NIS: 1.1.25100.9002
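
Added example, not part of the thread and not code from EA or Microsoft: a small parser for Defender detection messages in the layout pasted in the comment above, which groups VulnerableDriver detections by the process that wrote the file so that the per-launch random temp names collapse into one source. The function names are hypothetical, and the second event in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two detection messages in the layout quoted in the
# comment above. The first reuses the values posted there; the second path
# (TmpA1F3.tmp) is invented to show the temp name changing between launches.
SAMPLE = r"""
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: VulnerableDriver:WinNT/Winring0
ID: 2147937641
Path: file:_C:\Windows\SystemTemp\Tmp2B85.tmp
Process Name: C:\Program Files\EA\AC\EAAntiCheat.GameService.exe
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: VulnerableDriver:WinNT/Winring0
ID: 2147937641
Path: file:_C:\Windows\SystemTemp\TmpA1F3.tmp
Process Name: C:\Program Files\EA\AC\EAAntiCheat.GameService.exe
"""

HEADER = "Microsoft Defender Antivirus has detected"
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")  # split on the first ": "

def parse_events(text):
    """Split pasted text into one dict of fields per detection message."""
    events = []
    for line in text.splitlines():
        if line.strip().startswith(HEADER):
            events.append({})
        elif events and (m := FIELD.match(line)):
            events[-1].setdefault(m.group(1), m.group(2))
    return events

def normalise_path(path):
    """Drop the 'file:_' resource prefix and mask the random Tmp name."""
    path = re.sub(r"^[a-z]+:_", "", path)
    return re.sub(r"\\Tmp[0-9A-Fa-f]{1,4}\.tmp$", r"\\Tmp####.tmp", path)

def attribute(events, threat_prefix="VulnerableDriver:"):
    """Map (threat, process) -> set of masked paths, for matching threats."""
    out = defaultdict(set)
    for e in events:
        if e.get("Name", "").startswith(threat_prefix):
            key = (e["Name"], e.get("Process Name", "?"))
            out[key].add(normalise_path(e.get("Path", "")))
    return dict(out)

if __name__ == "__main__":
    for (threat, proc), paths in attribute(parse_events(SAMPLE)).items():
        print(threat, "<-", proc, sorted(paths))
```

Several distinct temp files attributed to one process point at that process as the source of the detections, which is more direct evidence than noticing that the pop-ups coincide with a launch.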
