MLV Scan V1.4

MLVScan

MLVScan is a security-focused MelonLoader plugin designed to detect and disable potentially malicious mods before they can harm your system. It scans for suspicious patterns commonly found in malware and prevents them from executing.

Features
Pre-load Scanning: Catches malicious code before it can execute
Modular Detection Rules: Identifies various malicious patterns
Severity Classification: Categorizes threats by risk level (Critical, High, Medium, Low)
Automatic Disabling: Prevents suspicious mods from loading
Detailed Reports: Generates comprehensive scan reports with specific findings
Whitelisting: Allows trusted mods to bypass scanning. Most mods pass the scan without issue; a few have been whitelisted because of false positives. The current whitelist system is planned to be replaced with an improved version in the future.
Security Guidance: Provides actionable steps if a threat is detected

How It Works

MLVScan analyzes all mods before they are loaded by MelonLoader. It uses static analysis to scan for suspicious code patterns without executing them. When a potentially malicious mod is detected, MLVScan:
Prevents the mod from loading
Logs detailed information about the suspicious patterns
Creates a report file with findings and remediation steps
Provides security guidance if your system might be affected

Usage
MLVScan works automatically when your game starts. No additional configuration is required for basic protection.

Whitelist Configuration

To whitelist trusted mods that might trigger false positives:

Edit MelonPreferences.cfg in your game directory
Find the [MLVScan] section
Add mod filenames to the WhitelistedMods setting
Save the file

Example:

[MLVScan]
WhitelistedMods = [ "MLVScan.dll", "MLVScan.MelonLoader.dll", "CustomTV.dll", "CustomTV_Mono.dll", "CustomTV_IL2CPP.dll", "YourWhitelistedMod.dll", ]

Warning: Only whitelist mods from trusted sources. Whitelisted mods fully bypass security checks.
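
Because the whitelist is keyed on filenames and whitelisted mods bypass scanning, it helps to confirm that each whitelisted file is still the one you originally trusted. The script below is an added example, not part of MLVScan: it reads WhitelistedMods from the config text and compares each file's SHA-256 against a record you keep yourself. The `pinned` record, the function names and the sample file contents are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample of the [MLVScan] section from MelonPreferences.cfg.
SAMPLE_CFG = '''
[MLVScan]
WhitelistedMods = [ "MLVScan.dll", "CustomTV.dll", "YourWhitelistedMod.dll", ]
'''

def whitelisted_mods(cfg_text):
    """Return the filenames listed in WhitelistedMods under [MLVScan]."""
    section = re.search(r"^\[MLVScan\][ \t]*$(.*?)(?=^\[|\Z)", cfg_text, re.M | re.S)
    if not section:
        return []
    array = re.search(r"^\s*WhitelistedMods\s*=\s*\[(.*?)\]", section.group(1), re.M | re.S)
    return re.findall(r'"([^"]+)"', array.group(1)) if array else []

def sha256_file(path):
    """Hex SHA-256 of a file's contents (mod DLLs are small enough to read whole)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_whitelist(cfg_text, mods_dir, pinned):
    """Map each whitelisted filename to match, MISMATCH, unpinned or missing."""
    # pinned: hypothetical user-kept {filename: sha256 hex}, recorded at download time.
    result = {}
    for name in whitelisted_mods(cfg_text):
        path = Path(mods_dir) / name
        if not path.is_file():
            result[name] = "missing"
        elif name not in pinned:
            result[name] = "unpinned"
        elif sha256_file(path) == pinned[name].lower():
            result[name] = "match"
        else:
            result[name] = "MISMATCH"
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as mods:  # stands in for the mod folder
        (Path(mods) / "MLVScan.dll").write_bytes(b"constructed bytes A")
        (Path(mods) / "CustomTV.dll").write_bytes(b"constructed bytes B, modified")
        pinned = {"MLVScan.dll": hashlib.sha256(b"constructed bytes A").hexdigest(),
                  "CustomTV.dll": hashlib.sha256(b"constructed bytes B").hexdigest()}
        for name, status in audit_whitelist(SAMPLE_CFG, mods, pinned).items():
            print(f"{name}: {status}")
```

A MISMATCH or unpinned result means the file on disk is not one you have verified, so remove it from WhitelistedMods and let MLVScan scan it again.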

Security Report Interpretation

When MLVScan detects a suspicious finding, it will generate a report with findings categorized by severity, and disable the mod if the severity is within the configured threshold:

Critical: High-risk activities like executing external processes or loading assemblies
High: Potentially dangerous behaviors like loading encrypted or obfuscated data
Medium: Suspicious patterns that might be legitimate in some contexts
Low: Minor suspicious patterns with little to no risk

Review the details carefully before deciding to whitelist a mod.

Roadmap / Feature Ideas
Hash-based Whitelist: Verify mod authenticity using cryptographic hashes instead of filenames
Smart Pattern Analysis: Reduce false positives through contextual analysis
Behavior Monitoring: Runtime detection of suspicious behavior
GUI Interface: User-friendly interface for managing security settings
Mod Publisher Verification: Support for digitally signed mods from trusted developers
Custom Rules Configuration: Allow users to define custom detection rules

Disclaimer
MLVScan is provided as-is without warranty. While it can detect many malicious patterns, no security tool is perfect, and cyber security is a never-ending battle of cat and mouse. Always exercise caution when installing newer mods, and NEVER install mods from untrusted sources. Trusted mod sources are NexusMods and Thunderstore; however, you should always be wary of new mods.

Requires: MelonLoader

Credits:

ifBars

Download

File: MLVScan 1.4 (zip)
File size: 45 KB
Downloads: 7