Virus or false positive?
Re: Virus or false positive?
No idea. I don't think it's something I'm doing (I never touched my Defender settings and keep everything on default + auto update).
Re: Virus or false positive?
After yesterday's update of ZGE, rrTea informed me that Windows Defender is triggering.
And indeed if I make a specific scan for Player.bin then it shows the "Win32/Unwaders.B!ml" message here.
Uploading to VirusTotal triggers only 5/68 false positives: https://www.virustotal.com/gui/file/402 ... /detection
Not sure how to make Windows Defender stop triggering on this because there is no more info shown. Anyone have any ideas?
Re: Virus or false positive?
The newest build (the one I tested after the PM) doesn't trigger Defender anymore!
good job! /veryhappy!!!
Edit: That was on that day. But today…
Attachment (screenshot): Player.bin is no more…
Re: Virus or false positive?
That is very annoying, it has also changed the kind of virus it thinks it is because it did not show "Fuery" before. And it seems your definitions are ahead of mine (because of different localization?) because it still passes Windows Defender here with definitions updated today.
Re: Virus or false positive?
Yes it is very annoying & impractical… If it means anything, on 11th Defender "recognized" "Unwaders", but later it switched the classification to "Fuery" before deleting it. For now I guess the only way to test my projects is within ZGE's preview window.
Attachment (screenshot): On 16th it switched to "Fuery".
Re: Virus or false positive?
Could it be that something in my project is triggering Defender? I'm not using any external libraries (not even for sound!) so this shouldn't be causing it (in my previous projects I usually turned off Microsoft's IME before going fullscreen, but now I'm not doing even that). I'm also not reading/writing anything to disk yet (high score table not yet implemented).
If that'd help shed any light on the matter, I can send over the project to you and you can try building it on your end. Clutching at straws really but for now I can't think of anything else I can do on my end short of turning Defender off (which I can not do because I also use this computer for work etc).
Re: Virus or false positive?
Latest Player.bin still works here so it might indeed be worth testing if it is somehow related to your project. If you send it to me then I can try building it here and see what happens.
@Kjell: Is the Player.bin from latest ZGE working for you?
Re: Virus or false positive?
I updated definitions now and got "1.309.1282.0" version. Player.bin passes.
@rrTea: can you please check what version of virus definitions you have? The version number is shown in control panel after you select "Search for updates" on virus settings.
I also tried your game (looking good!) on VirusTotal. First attempt got 19 hits. Then I removed the word "setup" (from App.Caption) and it went down to 15 hits. Just as an example of how arbitrary the virus scanners are.
When you are ready to release this game I can help you make the exe-file separate from the content. This seems to be more accepted by virus scanners. But we need to make player.bin accepted first.
Re: Virus or false positive?
For the record, today I have 1.309.1206.0 (last update check 8 hours ago). But I think it doesn't matter, since I can't guarantee that's what I had at the moment player.bin got deleted.
Also even if player.bin passes today, it's highly likely it will get attacked again later. I already tried confirming that by usually waiting for a day or two after player.bin gets deleted, downloading whatever is the latest build and copying it… every time the same story (that's why I posted that screenshot with the caption "As you can see it goes to my ZGE directory every few days and randomly attacks files."): if it doesn't get deleted immediately upon downloading, it will get deleted later.
Edit: It updated itself, now it's on 1.309.1282.0.
Edit: Removed the word "Setup" from the Caption (ridiculous… but let's do it)
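The question of which definitions were in force when Player.bin was removed can be answered from Defender's own event log, which records the definition and engine versions with each detection. The PowerShell below is an added example, not part of the thread and not ZGE code; the default `$Path` and the 14-day window are assumptions, and reading the log may need an elevated prompt.

```powershell
# Added example: gather what is needed to compare a Defender detection across machines.
# $Path is an assumed location; point it at the file being discussed.
param(
    [string]$Path = "$PWD\Player.bin",
    [int]$Days = 14
)

# 1. Identity of the file, so two people can confirm they scanned the same bytes.
if (Test-Path -LiteralPath $Path) {
    Get-FileHash -LiteralPath $Path -Algorithm SHA256 | Format-List Path, Hash
} else {
    Write-Warning "$Path not found (it may already have been quarantined)."
}

# 2. Definitions and engine in use right now.
Get-MpComputerStatus |
    Format-List AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AMEngineVersion

# 3. Past detections of that file name. Defender logs event 1116 when it detects
#    something and 1117 when it acts on it; both carry the versions used at that time.
$leaf   = [regex]::Escape((Split-Path -Leaf $Path))
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = (Get-Date).AddDays(-$Days)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $leaf } |
    Sort-Object TimeCreated |
    ForEach-Object {
        $evt = $_
        # Patterns instead of field labels, because the message text is localized.
        $versions = [regex]::Matches($evt.Message, '\b\d+\.\d+\.\d+\.\d+\b') |
            ForEach-Object Value | Select-Object -Unique
        [pscustomobject]@{
            Time     = $evt.TimeCreated
            EventId  = $evt.Id
            Threat   = [regex]::Match($evt.Message, '\S*Win32/\S+').Value
            Versions = $versions -join ', '   # every dotted version in the event text
        }
    } | Format-List
```

Posting this output alongside a report makes it possible to tell a definitions difference from a difference in the file itself.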
Re: Virus or false positive?
I will find a way to make player.bin pass. It probably needs to be bloated even more. Give me a few days.

Re: Virus or false positive?
It's crazy programs have to be bloated to work
Anyway just take your time, as far as my project is concerned I will be working on the graphics meanwhile.

Re: Virus or false positive?
It's crazy, I noticed Windows 10 just deletes newly created EXEs made with z game editor, without warning, you have to add them to the exceptions list, every time a new version is saved.
Re: Virus or false positive?
Are you also using Windows Defender and the very latest ZGE? http://www.zgameeditor.org/files/ZGameEditor_beta.zip
I hope to find a solution soon. I may have to increase the binary size and/or build with Freepascal instead of Delphi.
Re: Virus or false positive?
Please try today's build where I built player.bin using Freepascal: http://www.zgameeditor.org/files/ZGameEditor_beta.zip