WD keeps asking for sending Grim Dawn executable

Page 1 of 2 12 LastLast

  1. Posts : 2,935
    Windows 10 Home x64
       #1

    WD keeps asking for sending Grim Dawn executable


    Hello.

    I love WD but this is becoming quite the annoyance. I am currently playing Grim Dawn a lot (among others) but everytime I launch the game, WD insists on sending the Grim Dawn executable to them for analysis. I agreed and sent it. However it keeps asking me for doing so.

    Grim Dawn is on Steam and up to date (v1.0.04)

    Any ideas?. It's not a big deal but annoying nonetheless.
      My Computer


  2. Posts : 5,169
    64bit Win 10 Pro ver 21H2
       #2

    In the settings for WD make sure you have automatic sample submission turned on then it will stop asking you each time.

    WD keeps asking for sending Grim Dawn executable-2016-06-11-1-.png
      My Computers


  3. Posts : 2,935
    Windows 10 Home x64
    Thread Starter
       #3

    Yep. It is disabled right now. But... I would like to know what is sending...
      My Computer


  4. Posts : 5,169
    64bit Win 10 Pro ver 21H2
       #4

    As far as I know it is sending suspicious samples of executable code (strings of data taken from the file you are loading) that WD thinks could be potentially harmful until MS determines if it is a threat or not. At some point it will recognise that it is not a threat and that particular string of code will not trigger automatic sampling.
      My Computers


  5. Posts : 487
       #5

    I don't know the answer to your question, however this post is just to confirm that it's not just you it's happening to, but I have also experienced this.

    As mentioned in post No.2, maybe enabling 'Automatic Sample Submission' will work as a temporary solution. You can also add specific processes to an exclusion list from the same settings screen, but that's not something I would recommend doing.

    I do not know the criteria that Windows Defender uses to send a sample submission to Microsoft, the file I've just tested it with (not Grim Dawn) is code signed and Defender still wants to send a sample of the EXE to Microsoft, but I don't know whether it's just because it's a new executable and it's standard practice for them to get samples of all new exe's, or whether there's something the exe does that doesn't conform to some sort of best practices.

    However, I think there could be a genuine fault with Windows Defender in this case. Ordinarily, if you have 'Automatic Sample Submission' switched off, Windows Defender will ask you whether you want to review or send a sample to Microsoft (as per the below notification). After that first time, even if you re-download the exact same file from the same location it doesn't normally ask again, so ordinarily it remembers the file and that it's asked you.

    WD keeps asking for sending Grim Dawn executable-notification-01.png


    However, with the file I just tested (where it keeps asking to submit the same EXE sample to Microsoft), I found that the notification changed after the first notification and it no longer has the 'Send Files' or 'Review' buttons. Also if you click on either the notification itself or in the Action Centre, the notifications just disappears and no longer displays the separate 'review files' window. When you re-boot, the notification comes back again. After about 4-5 reboots it seems to have stopped asking now, so maybe it will stop for you too on it's own accord.

    Update to original post: It initially stopped asking after 4-5 reboots, but the problem later returned. Therefore ignore that part.

    WD keeps asking for sending Grim Dawn executable-notification-02.jpg
    Last edited by ARC1020; 11 Jun 2016 at 21:16. Reason: Added update
      My Computer


  6. Posts : 1,621
    Windows 10 Home
       #6

    Just a wild thought -- is it possible that some log and data cleaners such as ccleaner, if such are flagged to include WD, will delete said logs and data history? If the log and/or history is gone -- would WD "not remember" and send the file[s] again?
    Last edited by RolandJS; 12 Jun 2016 at 09:46.
      My Computer


  7. Posts : 2,935
    Windows 10 Home x64
    Thread Starter
       #7

    Hmm. The main question that remain is: why is asking for the same file over and over?. Maybe it's due to what Philc43 said, that samples are just pieces of code. In that case it's a weird and little efficient way of sending samples IMHO.

    Maybe someone more knowledgeable about WD can shed some light on this...

    PS - In the interim, I am going to do an easy test: I am going to pack the Grim Dawn executable with UPX to change its structure on purpose. Let's see if WD behaves the same way.
      My Computer


  8. Posts : 2,935
    Windows 10 Home x64
    Thread Starter
       #8

    It seems Grim Dawn executable is already packed. Maybe that's why WD finds it suspicious.

    BTW: Does anybody know any PE identifier that will work under w10 and is up to date?
      My Computer


  9. Posts : 2,935
    Windows 10 Home x64
    Thread Starter
       #9

    I have set "auto sending of samples" to enabled because today WD minimized my game while I was playing.
      My Computer


  10. Posts : 487
       #10

    eLPuSHeR said:
    Hmm. The main question that remain is: why is asking for the same file over and over?. Maybe it's due to what Philc43 said, that samples are just pieces of code. In that case it's a weird and little efficient way of sending samples IMHO.
    According to Event Viewer it should be sending the following files to Microsoft:

    \\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{Identifier Number}-Filename.exe
    C:\Users\USER\AppData\Local\Temp\MPSampleSubmit\client_manifest.xml
    C:\Users\USER\AppData\Local\Temp\WER1C6.tmp.WERInternalMetadata.xml

    However, looking at the network traffic when choosing to submit the file, MSASCui.exe connects to watson.telemetry.microsoft.com.nsatc.net, but doesn't actually upload the exe file for sample submission. However, I don't know whether that's normal or not as this is the first time it's misbehaved.

    eLPuSHeR said:
    I have set "auto sending of samples" to enabled because today WD minimized my game while I was playing.
    Yeah, I'm not sure what else can be done until Microsoft issue a fix. I've found it makes no difference whether you choose to send the file or not send the file, it will still keep asking regardless. So even though enabling 'Automatic Sample Submission' doesn't cure the problem, at least you won't keep getting notifications for now.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:41.
Find Us




Windows 10 Forums