Heur.ADvML.B

I began an update for a game called Elder Scrolls Online and a notification popped up saying it was submitting something to be scanned and later removed it. It downloaded some new redistributable it needed to function. 

 

Can anyone tell me what this is, where it came from, etc.? I got this right as I went to update a game, which I believe should be safe still?

 

Filename: dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece
Threat name: Heur.AdvML.B
Full Path: C:\Users\Owner\AppData\Local\Temp\76809b23244d57663434ac40622941948553a566\dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece

____________________________

____________________________


On computers as of 
6/26/2024 at 4:09:13 PM

Last Used 
6/26/2024 at 4:11:14 PM

Startup Item 
No
Launched 
No
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.


____________________________


dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece
Threat name: Heur.AdvML.B
Locate


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

High
This file risk is high.


____________________________


Source: External Media

Source File: 
dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece

____________________________

File Actions

File: C:\Users\Owner\AppData\Local\Temp\76809b23244d57663434ac40622941948553a566\dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece
Removed

____________________________


File Thumbprint - SHA:
fbd997bdb296833c24584a2182343dc83743e8520877958e4dcca15dec1e3780
File Thumbprint - MD5:
e2a0661c763e545e411bb34500ffeea6

fwiw ~ my understanding....one download event may generate more than one download name - download path - download detection.  

1) When you download a file, the original file name is for example filename.exe while the Chrome browser will try to download a file from their cache and the file name is for example f_0000xxx. 

If your download location is Desktop.

The Desktop path and the AppData path would get generated when the file is downloaded on the computer as the AppData path will have the location for the source of the download while the Desktop path has the location of the file.

for example: one download - two paths

Full Path: C:\bjms\Chrome\user\current\Desktop\filename.exe
Full Path: C:\bjms\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000xxx.


2) Norton may throw for example a Heuristic Machine Learning and a Signature detection for the same event.
This is done to make sure that the computer is not infected by any type of infection.  
Norton will try to analyze the file completely and detect all possible infections from the file.

for example:  one download - two detections - four history events
Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
5/16/2019 4:32:59 AM,High,f_00009e (Heur.AdvML.B) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:59 AM,High,f_00009e (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:38 AM,High,memz-trojan_3496590099.exe (Heur.AdvML.B) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:38 AM,High,memz-trojan_3496590099.exe (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1

for example: 
Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
1/2/2020 3:00:54 PM,High,Xt4ZIm2j.exe.part (W32.Imaut) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
1/2/2020 3:00:52 PM,High,E624AD7A6C8123C87D22D42745E3A1AA28CDD828 (W32.Imaut) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1

for example: 
Category: Quarantine
1/1/2020 10:21:43 AM,High,numpy-1.18.0_1018476429.exe (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
1/1/2020 10:21:43 AM,High,numpy-1.18.0_1018476429.exe (Heur.AdvML.C) detected by Auto-Protect,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
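As an added example (not from the original thread or from Norton), a small Python script that reads Security History rows like the ones quoted above and collapses them into download events: rows for the same file name merge into one entry, and files convicted with the same threat names within a short window (the saved file and its browser-cache copy) merge into one event. The Activity-column pattern and the 120-second window are assumptions.

```python
import csv
import re
from datetime import datetime
from io import StringIO

# Constructed sample input: the Download Insight rows quoted above, plus the
# header line that Norton's Security History export carries.
SAMPLE_HISTORY = """\
Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
5/16/2019 4:32:59 AM,High,f_00009e (Heur.AdvML.B) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:59 AM,High,f_00009e (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:38 AM,High,memz-trojan_3496590099.exe (Heur.AdvML.B) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
5/16/2019 4:32:38 AM,High,memz-trojan_3496590099.exe (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,Threat Actions performed: 1
"""

# Assumed shape of the Activity column: "<file> (<threat>) detected by <component>".
ACTIVITY_RE = re.compile(r"^(?P<file>.+?) \((?P<threat>[^)]+)\) detected by (?P<component>.+)$")

def parse_history(text):
    """Return one dict per detection row, with the Activity column split into fields."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        m = ACTIVITY_RE.match(row["Activity"])
        if not m:
            continue  # non-detection rows (scan summaries etc.) are skipped
        rows.append({"time": datetime.strptime(row["Date & Time"], "%m/%d/%Y %I:%M:%S %p"),
                     "file": m["file"], "threat": m["threat"],
                     "component": m["component"], "status": row["Status"]})
    return rows

def group_events(rows, window_seconds=120):
    """Collapse rows into download events: rows for one file name merge into one
    entry (two detections -> one entry), and files convicted with the same threat
    names within window_seconds of each other (saved file + cache copy) merge."""
    per_file = {}
    for r in rows:
        e = per_file.setdefault(r["file"], {"first": r["time"], "threats": set()})
        e["first"] = min(e["first"], r["time"])
        e["threats"].add(r["threat"])
    events = []
    for name, e in sorted(per_file.items(), key=lambda kv: kv[1]["first"]):
        for ev in events:  # join an open event with identical verdicts inside the window
            if ev["threats"] == e["threats"] and (e["first"] - ev["first"]).total_seconds() <= window_seconds:
                ev["files"].append(name)
                break
        else:
            events.append({"first": e["first"], "threats": e["threats"], "files": [name]})
    return [{"first_seen": ev["first"].isoformat(), "threats": sorted(ev["threats"]),
             "files": ev["files"]} for ev in events]
```

Run on the sample above, the four history rows collapse to a single event carrying both threat names and both file names, which is the "one download, two detections, four history events" pattern described.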

demonicvampireg:

1) Says so in my history when I look. Says removed when you check activity. 

2) Just as a question out of pure curiosity, if I happen to uninstall Nortons to switch antivirus or need to because of a file corruption, etc., what happens with viruses that are Quarantined?

1) Any related item/s with Security History - Quarantine/Resolved Security Risks?
Norton may report two detections for the same related event.

2) Items in Quarantine are gone with Norton clean uninstall. 
Best practice is to keep convicted files in jail for awhile....just in case...ya' need the file restored or the file is exonerated. 


demonicvampireg:

Will break it down into two pieces so it's readable but the entire thing was there. 
C:\Users\Owner\AppData\Local\Temp\76809b23244d57663434ac40622941948553a566
\dd8868bdb1ddc26d7b14df21bf13ef0cfd939fc2.solidpiece

Sorry, same comment

May be a .tmp file created by the installer.  
May be an unsigned .tmp file created by the update installer. 

the File Thumbprint - SHA:
fbd997bdb296833c24584a2182343dc83743e8520877958e4dcca15dec1e3780

is not known to VirusTotal 


So, is this file....whatever it is...in Quarantine?  
Maybe, ask "game" support what the file is?  
Sorry, [...]fd939fc2.solidpiece is head scratch?


demonicvampireg:

Could this have been a false positive?  

I can only see partial path


demonicvampireg:
Could this have been a false positive?  

Act on quarantined risks or threats
https://support.norton.com/sp/en/us/solutions/v6200305 01-Apr-2024

Report a suspected incorrect detection to Norton
https://support.norton.com/sp/en/us/solutions/v126152382 06-Sep-2023

Submit a file or URL to Norton
https://support.norton.com/sp/en/us/solutions/kb200906 25-Mar-2024

Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious
https://support.norton.com/sp/en/us/solutions/kb20100222 06-Sep-2023


For second opinion choose File &/or Search hash at VirusTotal 


Turn off or turn on Download Intelligence
https://support.norton.com/sp/en/us/solutions/v23920640 06-Sep-2023


Exclude files and folders from Norton scans
https://support.norton.com/sp/en/solutions/v3672136 24-Jun-2024


Norton detects a file or program as a threat even after you exclude it from scan
https://support.norton.com/sp/en/us/solutions/v115455517 06-Sep-2023


Configure Exclusions/Low Risks settings
https://support.norton.com/sp/en/us/solutions/v15457075 06-Sep-2023


Exclude files with low-risk signatures from Norton scans
https://support.norton.com/sp/en/us/solutions/v15463085 06-Sep-2023

I completely missed the word "free" in that. No, I paid for the game, have owned it for years and I get it directly from their website. It's got its own launcher for the game where it automatically updates when you open it. Only other thing this has is some mods, which are legal ones from ESOUI and I've been using these ones for months, some even years across multiple PCs. (ESO allows the use of mods as long as they do not give any unfair advantage. So these are quest marker, harvest nodes, mini map, skyshard and lorebook mods, along with whatever lib stub they need.)

It should be set at whatever default it is. The only thing I've altered is the Idle Time Optimizer to stop it from idle scanning, and even that isn't stopped. It's actually annoying and it really needs to stop scanning every time I walk away from my PC, seems to be messing things up.

 

@SoulAsylum

Three, actually. Official website launcher (what I use), Epic and Steam. I do not use Epic nor Steam as stated before for this game. I completely missed where it said "free download". I had a lot of things I was doing that day and had to get moving when I replied. 

I know how Steam works, I've used it for years as well. I had Chrome open with this, had 3 tabs for Tumblr and 2 for YouTube open, clicked to log in for the day and was met with an update, then Nortons going on about some virus. 

 

Apparently this game just had a new update and others were having issues with it. But as I said, Nortons caught and removed whatever it was. I have also scanned the PC twice since then, nothing seems to be wrong with it unless Nortons is missing it entirely.

Could this have been a false positive?  

Please post progress
Thanks

Where are the updates being downloaded from indeed? There are two safe download sites for this game. Updates or sourced game files from any other sources would be considered risky and not from a reputable source. Certainly not official. Thus, the reason so few users are noted as having used the update files. Steam, specifically, will automatically queue updates for each game title owned in the user's library. I never have any issues with my titles updating within Steam as they are all purchased there.

Steam - https://store.steampowered.com/agecheck/app/306130/

Epic Games Store - https://store.epicgames.com/en-US/p/the-elder-scrolls-online

SA

Well, I Googled = Elder Scrolls Online and found $.$$

where can I download for free...where is your download from

Is your Norton Heuristic Protection set at Automatic? 

It's a major game, so yes. It's been around for years and part of the Elder Scrolls franchise. 

File Thumbprint - SHA:
fbd997bdb296833c24584a2182343dc83743e8520877958e4dcca15dec1e3780

is not known by VirusTotal

Is Elder Scrolls Online download/install free & publicly available?