JH1803 Posted February 20, 2018 Posted February 20, 2018 Hello everyone, I just reinstalled my FSLabs A320 and everything that belongs to it. After a successful installation, I wanted to install FSLSpotlights. With the Version 2.0.0.3 installed, I got the message when loading a Scenario that there is a newer Version available and then P3D closed itself. However, I am unable to install the new Version 2.0.0.7. because apparently my cmdhost.exe can not be changed. The installer says that cmdhost.exe is supposed to be located at Windows/System32 while mine is located at Windows/SysWOW64, so that might be an issue, but I am not an expert. Thanks for your help Kind Regards Quote
JH1803 Posted February 20, 2018 Author Posted February 20, 2018 Furthermore, I just tried installing it by ignoring the error and now when I start my P3D my Monitor turns completely black (even after uninstalling). When I uninstalled it said some items could not be removed, as well. Please help me I really don´t want to have to delete my whole P3D with all its addons just because of FSLSpotlights! Quote
JH1803 Posted February 20, 2018 Author Posted February 20, 2018 Another update: I now managed to start P3D and everything worked, but the FMC, MCDU etc. were all completely black. Loading a different aircraft state got me to have everything working but MCDU 2. After a restart and a simconnect reinstall I´ve got now FMC etc. all black again. Please help me with both my issues: Getting Spotlights and getting a fully functional Cockpit again. Thank so much Quote
JH1803 Posted February 25, 2018 Author Posted February 25, 2018 My Problem is solved: Go to your Firewall and exclude cmdhost.exe from it. That solved it for me Quote
Lefteris Kalamaras Posted April 18, 2018 Posted April 18, 2018 Hello, cmdhost.exe is part of our serial number activation checking mechanism. Feel free to submit it to all your virus engines - then let us know if any of them flags it, so we can also submit a false positive for you. 2 1 Quote
Tony Hodge Posted May 26, 2018 Posted May 26, 2018 AVAST certainly does, so no Spotlights v.2.0.0.7 here! Quote
Lefteris Kalamaras Posted May 28, 2018 Posted May 28, 2018 We have submitted it to AVAST but it might be good if you did as well, as a customer! Quote
Fred Ziker Posted June 1, 2018 Posted June 1, 2018 Could you please submit that cmdhost.exe is a false positive to the developers of HitmanPro.Alert (a Sophos Company https://www.hitmanpro.com/ ) ? I have tried requesting a false positive for this but to no avail. Quote
Lefteris Kalamaras Posted June 2, 2018 Posted June 2, 2018 Hi Fred, where did you submit it? What happened when you did? Quote
Fred Ziker Posted June 2, 2018 Posted June 2, 2018 Before I became aware of the cmdhost.exe kerfuffle, I emailed support@hitmanpro.com on 30 March, 2018. Only their current version (3.76 Build 739) is blocking the activation of an FSL A320 in P3Dv4.2. Previous versions do not cause this type of alert. HitmanPro does not give the user any opportunity to exclude or trust anything. The following alert stops P3D from continuing to run: C:\Windows\System32\cmdhost.exe HollowProcess Mitigation HollowProcess Platform 10.0.17134/x64 v739 06_5e PID 6244 Application C:\Windows\System32\cmdhost.exe Description 1.0 Filename C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe Target PID 13124 Target C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe Image Base 0x00007FF77E8D0000 Reason-MTH : 0000022D35B90000 Process Trace 1 C:\Windows\System32\cmdhost.exe [6244] 2 C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe [13124] 3 C:\Windows\explorer.exe [6900] 4 C:\Windows\System32\userinit.exe [6396] Thumbprint 36c1d127197d9eb7734ef5061458e6f63512daa2c8685e7cb3b9cf33910c6e89 I told them I wasn't an advanced user and didn't know what a hollow process was but that I trusted the programs from FlightSimLabs and Lockheed Martin and how could I exempt them from blocking. Their initial response was: This is a trick that this game is playing, process hollowing is like you start a legit program, you 'freeze' it, remove the original code from memory, dump your own code and then 'unfreeze' it. This way you could have a look at your processes running and it would show notepad.exe while in reality it was another.exe no way to see the difference. Is there a way we can get our hands on this software so we can investigate what this is they are doing here? Kind Regards, Ronny HitmanPro Tech Support I emailed them back with the particulars of P3D and how to get in touch with you at FSL but instead on 16 April they asked for: Can you compress these files in a zip and send them to us? C:\Program Files\Lockheed Martin\Prepar3D v4\Prepar3D.exe C:\Windows\System32\cmdhost.exe Maybe we can then find out what's going on without having to install it completely of scratch. Kind Regards, Ronny HitmanPro Tech Support I wasn't willing to compress these massive files and pretty sure that would be a violation of my license agreements to have them on someone elses computer so I gave up and uninstalled their program. I was running HitmanPro Alert in conjunction with Norton and would like to restore that protection as my computer is not exclusively for flightsim. I reloaded HitmanPro Alert again just now and can confirm that it will still not allow FSL aircraft to load into P3D. Thanks for anything you can do! Fred Ziker Quote
Lefteris Kalamaras Posted June 2, 2018 Posted June 2, 2018 Thanks Fred, we will contact HitmanPro and explain exactly how it is we're loading the cmdhost.exe with the esellerate DLLs which communicate with the eSellerate activation servers. There's no malicious code running here whatsoever, we appreciate the contact and details. Can we mention your name in ensuring their support is aware of the previous email chain? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.