Virus or false positive?


Kjell
Posts: 1715
Joined: Sat Feb 23, 2008 11:15 pm

Re: Virus or false positive?

Post by Kjell » Wed Aug 14, 2019 10:17 am

Hi rrTea,
rrTea wrote (Wed Aug 14, 2019 1:54 am):
> So I tested my new project (was just getting ready to publish it) and it came out with a 20/66 score ("seriously suspicious" I assume), crazy! I have no idea what to do :(

Once you're completely done with a project, you can submit it to the AV vendors that have detected it as false-positive for analysis. Be aware that even the slightest change to your executable might trigger false-positives again (hence the "completely done").

Avast, AVG, Comodo, McAfee, Microsoft, Symantec etc.

Full list here

K

Ats
Posts: 257
Joined: Fri Sep 28, 2012 10:05 am

Re: Virus or false positive?

Post by Ats » Sat Sep 21, 2019 11:35 am

Hi,

We can't download ZGE anymore from this website using Chrome:
"Dangerous file", no options other than abort. :x

This is getting really annoying... I'm installing Midori in order to try.

Edit: Midori is working like a charm for downloading "risky" files.
Last edited by Ats on Sun Sep 29, 2019 2:08 am, edited 1 time in total.

VilleK
Site Admin
Posts: 2029
Joined: Mon Jan 15, 2007 4:50 pm
Location: Stockholm, Sweden

Re: Virus or false positive?

Post by VilleK » Mon Sep 23, 2019 7:36 am

I assume the virus scanners have issues with player.bin because it is so small. For the game by rrTea I made a custom build of player.bin that is 800kb and that works much better. I may have to "bloat" the main ZGE download too in the same way. But it really feels silly because one of my main design criteria with ZGE was to make as small a runtime as possible and now it has to be artificially inflated just to please the antivirus software.

rrTea
Posts: 383
Joined: Sat Feb 15, 2014 9:54 am

Re: Virus or false positive?

Post by rrTea » Mon Sep 23, 2019 9:20 am

After using the "sign of the times" build for a week or two, I can report that it scores much lower on VirusTotal and doesn't cause alarms at all (at least on my computer)! I have the impression launching builds is slightly slower (I keep my project on an old SD card so file size differences can be felt) but nothing to worry about really. I just have to remember to untick "Remove unused code" every time I start ZGE, otherwise Windows won't let the built programs run.

I agree with Ville that it makes no sense to bloat the file for no reason other than to please security software but it seems there is no other way. The builds are still smaller than anything any other engine would produce for a project of comparable complexity though ;)

btw I see nobody took up my quiz from the previous page :D maybe for the best since it's quite irritating (no matter what you do it always asks for permission, even with a new ZGE build) and when you find out why it is behaving like that… it's unsettling (nothing to do with ZGE).


Re: Virus or false positive?

Post by VilleK » Mon Sep 23, 2019 10:58 am

rrTea wrote (Mon Sep 23, 2019 9:20 am):
> when you find out why it is behaving like that… it's unsettling (nothing to do with ZGE).

Why does it behave like that? I did not get a warning here (could be that I'm using the larger player.bin) but I'm curious as to what trick it is that you mention.


Re: Virus or false positive?

Post by VilleK » Mon Sep 23, 2019 11:17 am

I tried to update ZGE here with medium bloated runtimes (350kb). They only produce 4 false positives when uploaded to VirusTotal but I still get the download blocked when trying from Firefox here: http://www.zgameeditor.org/files/ZGameEditor_beta.zip

Edge browser downloads it fine.


Re: Virus or false positive?

Post by rrTea » Mon Sep 23, 2019 1:02 pm

VilleK wrote (Mon Sep 23, 2019 10:58 am):
> Why does it behave like that? I did not get a warning here (could be that I'm using the larger player.bin) but I'm curious as to what trick it is that you mention.

Did you try to build + launch the project as is after downloading it? On my end it asks for administration account no matter what I do with it. But why? It's an empty project! And only this particular build, no other builds do that. No matter how much or little code I put in, only this particular file always asks for administration every time I want to run it.

Anyway here is the answer, select the text to see it:
As long as the file name contains the word "setup", it will attract attention of security systems even if it's empty :D So the methods for determining what is "suspicious" can be unexpectedly low-tech (as we saw on the previous page: size matters?). I discovered it by mistake because I named one of the builds "new enemy SETUP". I guess this mechanism's there because it does work for some cases but still :P
Last edited by rrTea on Tue Oct 01, 2019 11:55 pm, edited 2 times in total.
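
An added example, not code from the thread or from ZGE: a pre-release check for the file-name behaviour rrTea describes, assuming the prompt comes from Windows UAC Installer Detection, which applies to 32-bit executables that declare no `requestedExecutionLevel`. The keyword tuple covers only the documented examples, the manifest check is a plain byte search, and `make_pe` builds constructed header stubs rather than real builds.

```python
import struct

# Filename keywords Microsoft documents as examples for Installer Detection.
KEYWORDS = ("install", "setup", "update")
IMAGE_FILE_MACHINE_I386 = 0x014C

def pe_machine(data):
    """Return the COFF Machine field of a PE image, or None if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine

def has_execution_level(data):
    """Simplified check: does any embedded manifest text declare a level?"""
    return b"requestedExecutionLevel" in data

def likely_installer_prompt(filename, data):
    """Predict whether the file name alone would trigger an elevation prompt."""
    if pe_machine(data) != IMAGE_FILE_MACHINE_I386:
        return False      # the heuristic only applies to 32-bit x86 images
    if has_execution_level(data):
        return False      # an explicit manifest switches the guessing off
    name = filename.lower()
    return any(keyword in name for keyword in KEYWORDS)

def make_pe(machine, manifest=b""):
    """Constructed sample: just enough header for pe_machine(), not runnable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + manifest

# Constructed manifest fragment that opts out of the heuristic.
MANIFEST = b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'

if __name__ == "__main__":
    stub = make_pe(IMAGE_FILE_MACHINE_I386)
    for name in ("new enemy SETUP.exe", "new enemy.exe"):
        print(name, likely_installer_prompt(name, stub))
```

Renaming the build or embedding an `asInvoker` manifest both make the check return False for the same stub.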


Re: Virus or false positive?

Post by Ats » Mon Sep 30, 2019 10:32 am

Thanks VilleK!!!
Ok, the resulting exe is a bit bigger, but it works perfectly. Hopefully I won't have bad review regarding antivirus problems with Omeganaut :D


Re: Virus or false positive?

Post by VilleK » Mon Sep 30, 2019 12:38 pm

Ats wrote (Mon Sep 30, 2019 10:32 am):
> Thanks VilleK!!!
> Ok, the resulting exe is a bit bigger, but it works perfectly. Hopefully I won't have bad review regarding antivirus problems with Omeganaut :D

Good to hear :). Also I notice that this week I can download the ZGE beta in Firefox without issues so they must have updated their virus database.
