Page 1 of 2 12 LastLast
  1.    11 Jun 2016 #1
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64

    WD keeps asking for sending Grim Dawn executable


    Hello.

    I love WD but this is becoming quite the annoyance. I am currently playing Grim Dawn a lot (among others) but everytime I launch the game, WD insists on sending the Grim Dawn executable to them for analysis. I agreed and sent it. However it keeps asking me for doing so.

    Grim Dawn is on Steam and up to date (v1.0.04)

    Any ideas?. It's not a big deal but annoying nonetheless.
      My ComputerSystem Spec
  2.    11 Jun 2016 #2
    Join Date : Nov 2015
    Posts : 2,962
    64bit Win 10 Pro ver 1709 Build 16299.125

    In the settings for WD make sure you have automatic sample submission turned on then it will stop asking you each time.

    Click image for larger version. 

Name:	2016-06-11 (1).png 
Views:	1 
Size:	40.2 KB 
ID:	84531
      My ComputersSystem Spec
  3.    11 Jun 2016 #3
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64
    Thread Starter

    Yep. It is disabled right now. But... I would like to know what is sending...
      My ComputerSystem Spec
  4.    11 Jun 2016 #4
    Join Date : Nov 2015
    Posts : 2,962
    64bit Win 10 Pro ver 1709 Build 16299.125

    As far as I know it is sending suspicious samples of executable code (strings of data taken from the file you are loading) that WD thinks could be potentially harmful until MS determines if it is a threat or not. At some point it will recognise that it is not a threat and that particular string of code will not trigger automatic sampling.
      My ComputersSystem Spec
  5.    11 Jun 2016 #5
    Join Date : Feb 2014
    Posts : 487

    I don't know the answer to your question, however this post is just to confirm that it's not just you it's happening to, but I have also experienced this.

    As mentioned in post No.2, maybe enabling 'Automatic Sample Submission' will work as a temporary solution. You can also add specific processes to an exclusion list from the same settings screen, but that's not something I would recommend doing.

    I do not know the criteria that Windows Defender uses to send a sample submission to Microsoft, the file I've just tested it with (not Grim Dawn) is code signed and Defender still wants to send a sample of the EXE to Microsoft, but I don't know whether it's just because it's a new executable and it's standard practice for them to get samples of all new exe's, or whether there's something the exe does that doesn't conform to some sort of best practices.

    However, I think there could be a genuine fault with Windows Defender in this case. Ordinarily, if you have 'Automatic Sample Submission' switched off, Windows Defender will ask you whether you want to review or send a sample to Microsoft (as per the below notification). After that first time, even if you re-download the exact same file from the same location it doesn't normally ask again, so ordinarily it remembers the file and that it's asked you.

    Click image for larger version. 

Name:	Notification 01.png 
Views:	31 
Size:	29.5 KB 
ID:	84592


    However, with the file I just tested (where it keeps asking to submit the same EXE sample to Microsoft), I found that the notification changed after the first notification and it no longer has the 'Send Files' or 'Review' buttons. Also if you click on either the notification itself or in the Action Centre, the notifications just disappears and no longer displays the separate 'review files' window. When you re-boot, the notification comes back again. After about 4-5 reboots it seems to have stopped asking now, so maybe it will stop for you too on it's own accord.

    Update to original post: It initially stopped asking after 4-5 reboots, but the problem later returned. Therefore ignore that part.

    Click image for larger version. 

Name:	Notification-02.jpg 
Views:	5 
Size:	138.3 KB 
ID:	84593
    Last edited by ARC1020; 11 Jun 2016 at 21:16. Reason: Added update
      My ComputerSystem Spec
  6.    11 Jun 2016 #6
    Join Date : Jan 2015
    Posts : 698

    Just a wild thought -- is it possible that some log and data cleaners such as ccleaner, if such are flagged to include WD, will delete said logs and data history? If the log and/or history is gone -- would WD "not remember" and send the file[s] again?
    Last edited by RolandJS; 12 Jun 2016 at 09:46.
      My ComputerSystem Spec
  7.    11 Jun 2016 #7
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64
    Thread Starter

    Hmm. The main question that remain is: why is asking for the same file over and over?. Maybe it's due to what Philc43 said, that samples are just pieces of code. In that case it's a weird and little efficient way of sending samples IMHO.

    Maybe someone more knowledgeable about WD can shed some light on this...

    PS - In the interim, I am going to do an easy test: I am going to pack the Grim Dawn executable with UPX to change its structure on purpose. Let's see if WD behaves the same way.
      My ComputerSystem Spec
  8.    11 Jun 2016 #8
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64
    Thread Starter

    It seems Grim Dawn executable is already packed. Maybe that's why WD finds it suspicious.

    BTW: Does anybody know any PE identifier that will work under w10 and is up to date?
      My ComputerSystem Spec
  9.    11 Jun 2016 #9
    Join Date : Jul 2015
    Posts : 903
    Windows 10 Home x64
    Thread Starter

    I have set "auto sending of samples" to enabled because today WD minimized my game while I was playing.
      My ComputerSystem Spec
  10.    11 Jun 2016 #10
    Join Date : Feb 2014
    Posts : 487

    Quote Originally Posted by eLPuSHeR View Post
    Hmm. The main question that remain is: why is asking for the same file over and over?. Maybe it's due to what Philc43 said, that samples are just pieces of code. In that case it's a weird and little efficient way of sending samples IMHO.
    According to Event Viewer it should be sending the following files to Microsoft:

    \\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{Identifier Number}-Filename.exe
    C:\Users\USER\AppData\Local\Temp\MPSampleSubmit\client_manifest.xml
    C:\Users\USER\AppData\Local\Temp\WER1C6.tmp.WERInternalMetadata.xml

    However, looking at the network traffic when choosing to submit the file, MSASCui.exe connects to watson.telemetry.microsoft.com.nsatc.net, but doesn't actually upload the exe file for sample submission. However, I don't know whether that's normal or not as this is the first time it's misbehaved.

    Quote Originally Posted by eLPuSHeR View Post
    I have set "auto sending of samples" to enabled because today WD minimized my game while I was playing.
    Yeah, I'm not sure what else can be done until Microsoft issue a fix. I've found it makes no difference whether you choose to send the file or not send the file, it will still keep asking regardless. So even though enabling 'Automatic Sample Submission' doesn't cure the problem, at least you won't keep getting notifications for now.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Drivers for a Blackweb Grim Gaming Mouse?
So I got a Blackweb Grim Gaming Mouse from a friend, no box it was used a bit. Is there any software available for it or a manual online? I've tried googling with no luck.
Software and Apps
Sending pictures to an existing CDR
I used XP for almost fourteen years without a problem. Now that I have windows10 I haven't been able to add pictures to exist8ing cd's. No problems with data or music. I also cannot view the picture CD's. I double click burn to disc but nothing...
General Support
sending email
It takes 20+ seconds for my email to leave desktop. For comparison with Ubuntu it takes a split second. Fresh win 10 install. Tks
Browsers and Email
How to make executable & linkable file with phone numbers.
I have seen people sending executable & linkable file with phone numbers in Whatapp which after clicking automatically ask us to add to contacts. How these files are created and what is the software name? Please help. Thanks Ashok
Software and Apps
Windows 10 launches extra thread when running an executable
Hi there. I observed that when creating an executable with Visual Studio, Windows 10 will launch one (sometimes even two) extra thread. This happens even for the simplest program: int main() { return 0; } If you break on return 0, Visual...
Software and Apps
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:35.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums