Jump to content
JH1803

P3Dv4 Problems with installing the latest Spotlight version (cmdhost.exe)

Recommended Posts

JH1803

Hello everyone,

I just reinstalled my FSLabs A320 and everything that belongs to it. After a successful installation, I wanted to install FSLSpotlights. With the Version 2.0.0.3 installed, I got the message when loading a Scenario that there is a newer Version available and then P3D closed itself. However, I am unable to install the new Version 2.0.0.7. because apparently my cmdhost.exe can not be changed. The installer says that cmdhost.exe is supposed to be located at Windows/System32 while mine is located at Windows/SysWOW64, so that might be an issue, but I am not an expert.

Thanks for your help

Kind Regards

FSL.JPG

Share this post


Link to post
JH1803

Furthermore, I just tried installing it by ignoring the error and now when I start my P3D my Monitor turns completely black (even after uninstalling). When I uninstalled it said some items could not be removed, as well.

Please help me I really don´t want to have to delete my whole P3D with all its addons just because of FSLSpotlights!

Share this post


Link to post
JH1803

Another update:

I now managed to start P3D and everything worked, but the FMC, MCDU etc. were all completely black. Loading a different aircraft state got me to have everything working but MCDU 2. After a restart and a simconnect reinstall I´ve got now FMC etc. all black again. Please help me with both my issues: Getting Spotlights and getting a fully functional Cockpit again.

Thank so much

Share this post


Link to post
Kamil Juvat

I can't install Spotlights v.2.0.0.7 too, I'm getting the same error.

I had Spotlights installed before and all was working until I upgraded to P3Dv4.2, now with Spotlights installed P3D won't lunch, reinstalling is blocked by the above error.

Share this post


Link to post
JH1803

My Problem is solved:

Go to your Firewall and exclude cmdhost.exe from it. That solved it for me :)

Share this post


Link to post
Kamil Juvat

I'm kinda reluctant to exclude any unknown executables but thanks for the tip.

Share this post


Link to post
Lefteris Kalamaras

Hello,

cmdhost.exe is part of our serial number activation checking mechanism. Feel free to submit it to all your virus engines - then let us know if any of them flags it, so we can also submit a false positive for you.

  • Haha 2
  • Sad 1

Share this post


Link to post
Tony Hodge

AVAST certainly does, so no Spotlights  v.2.0.0.7 here!

Share this post


Link to post
Lefteris Kalamaras

We have submitted it to AVAST but it might be good if you did as well, as a customer!

Share this post


Link to post
Fred Ziker

Could you please submit that cmdhost.exe is a false positive to the developers of HitmanPro.Alert (a Sophos Company https://www.hitmanpro.com/ ) ? I have tried requesting a false positive for this but to no avail. 

Share this post


Link to post
Lefteris Kalamaras

Hi Fred,

where did you submit it? What happened when you did?

Share this post


Link to post
Fred Ziker

Before I became aware of the cmdhost.exe kerfuffle, I emailed support@hitmanpro.com on 30 March, 2018. Only their current version (3.76 Build 739) is blocking the activation of an FSL A320 in P3Dv4.2. Previous versions do not cause this type of alert. HitmanPro does not give the user any opportunity to exclude or trust anything. The following alert stops P3D from continuing to run:

C:\Windows\System32\cmdhost.exe  HollowProcess

Mitigation HollowProcess Platform 10.0.17134/x64 v739 06_5e PID 6244 Application C:\Windows\System32\cmdhost.exe Description 1.0 Filename C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe Target PID 13124 Target C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe Image Base 0x00007FF77E8D0000 Reason-MTH : 0000022D35B90000 Process Trace 1 C:\Windows\System32\cmdhost.exe [6244] 2 C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe [13124] 3 C:\Windows\explorer.exe [6900] 4 C:\Windows\System32\userinit.exe [6396] Thumbprint 36c1d127197d9eb7734ef5061458e6f63512daa2c8685e7cb3b9cf33910c6e89

I told them I wasn't an advanced user and didn't know what a hollow process was but that I trusted the programs from FlightSimLabs and Lockheed Martin and how could I exempt them from blocking. 

 

Their initial response was:

This is a trick that this game is playing, process hollowing is like you start a legit program, you 'freeze'  it, remove the original code from memory, dump your own code and then 'unfreeze' it.
This way you could have a look at your processes running and it would show notepad.exe while in reality it was another.exe no way to see the difference.

Is there a way we can get our hands on this software so we can investigate what this is they are doing here?

Kind Regards,
Ronny
HitmanPro Tech Support

I emailed them back with the particulars of P3D and how to get in touch with you at FSL but instead on 16 April they asked for:

Can you compress these files in a zip and send them to us?
C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe
C:\Windows\System32\cmdhost.exe

Maybe we can then find out what's going on without having to install it completely of scratch.

Kind Regards,
Ronny
HitmanPro Tech Support

I wasn't willing to compress these massive files and pretty sure that would be a violation of my license agreements to have them on someone elses computer so I gave up and uninstalled their program. I was running HitmanPro Alert in conjunction with Norton and would like to restore that protection as my computer is not exclusively for flightsim. 

I reloaded HitmanPro Alert again just now and can confirm that it will still not allow FSL aircraft to load into P3D.

Thanks for anything you can do! 

Fred Ziker

 

Share this post


Link to post
Lefteris Kalamaras

Thanks Fred,

we will contact HitmanPro and explain exactly how it is we're loading the cmdhost.exe with the esellerate DLLs which communicate with the eSellerate activation servers. There's no malicious code running here whatsoever, we appreciate the contact and details. Can we mention your name in ensuring their support is aware of the previous email chain?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...