AGS is prevented by Antivirus

Started by samekiller, Thu 11/04/2024 20:01:05


samekiller

hi everyone. I recently ran into the problem that my Windows antivirus is preventing installation of the AGS engine. Has no one ever encountered something like this before? I checked the installer on VirusTotal but it didn't find anything. Explain why the antivirus is preventing me

Alan v.Drake

It's mostly heuristics engines as far as I can tell. Some parts of the code cause false positives sometimes; despite our efforts this keeps happening now and then.
I did find one factor, but there's at least one more that we haven't discovered yet.

Last time I uninstalled my antivirus to enable Defender, it vexed me by finding nothing... I wish it was easier to reproduce when I want to actively look into it.


- Alan

Khris

On running the latest build of AGS 3.6.1, I ran into a similar issue: Windows Defender complained about being unable to verify the debug exe's publisher when I hit F5 to test a game, which means on each test run I had to tell Windows that, yes, I'm sure, I want to run this software. Unchecking "Always ask before opening this file" had zero effect.

Adding the AGS folder to the whitelist in Windows Security had no effect either, so I was looking for another solution. Googling the problem I found this:

https://docs.rtafleet.com/troubleshooting-articles/troubleshooting-rpv/publisher-could-not-be-verified-%252F-unknown-publisher/

This method worked wonders, so here's how to do this in case the link dies:

1. Press the Windows key and type "gpedit". This should find the "Edit group policy" app from the control panel. Open it.
2. In the tree, navigate to "User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager"
3. Double-click "Inclusion list for moderate risk file types"
4. Set it to "Enabled" and in the Options part, enter ".exe" without the quotes into the box

Note that this possibly makes your virus detection less effective, so don't do this if you like to open attachments from unknown senders ;)
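An added PowerShell check, not part of the thread, for auditing and reverting the policy change described in the steps above. The "Inclusion list for moderate risk file types" setting is stored as the ModRiskFileTypes value under the per-user Attachment Manager policy key; the list of extensions to watch for is a constructed example.

```powershell
# Added example: audit the Attachment Manager policy that the gpedit steps modify.
# The per-user key below is where Group Policy writes the Low/Mod/HighRiskFileTypes lists.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'

function Get-AttachmentManagerRisk {
    # Returns the three risk lists as arrays of lower-case extensions (empty when not configured).
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Low      = @($props.LowRiskFileTypes  -split ';' | Where-Object { $_ } | ForEach-Object ToLower)
        Moderate = @($props.ModRiskFileTypes  -split ';' | Where-Object { $_ } | ForEach-Object ToLower)
        High     = @($props.HighRiskFileTypes -split ';' | Where-Object { $_ } | ForEach-Object ToLower)
    }
}

function Test-ExecutableDowngraded {
    # True when a directly executable type has been moved out of the default
    # high-risk handling, which is exactly what step 4 above does for .exe.
    param([string[]]$Watch = @('.exe', '.msi', '.bat', '.cmd', '.ps1'))   # constructed watch list
    $r = Get-AttachmentManagerRisk
    $downgraded = $Watch | Where-Object { $r.Low -contains $_ -or $r.Moderate -contains $_ }
    if ($downgraded) {
        Write-Warning ("Attachment Manager treats {0} as low/moderate risk; downloaded files of these types open without the publisher prompt." -f ($downgraded -join ', '))
        return $true
    }
    return $false
}

function Undo-ExeDowngrade {
    # Reverts step 4: removes .exe from the moderate-risk list and deletes the
    # value when it becomes empty so the policy falls back to "Not Configured".
    if (-not (Test-Path $key)) { return }
    $remaining = (Get-AttachmentManagerRisk).Moderate | Where-Object { $_ -ne '.exe' }
    if ($remaining) {
        Set-ItemProperty -Path $key -Name ModRiskFileTypes -Value ($remaining -join ';')
    } else {
        Remove-ItemProperty -Path $key -Name ModRiskFileTypes -ErrorAction SilentlyContinue
    }
}

Test-ExecutableDowngraded
```

Run `Undo-ExeDowngrade` (then `gpupdate /force`) to put the prompt back once the AGS issue itself is fixed.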

eri0o

Hey @Khris, I don't know if you have this consistently, but if you do, could you remove these changes and check if Windows Defender still triggers this when testing the game with this change here: https://github.com/adventuregamestudio/ags/pull/2391
The CI build is here: https://cirrus-ci.com/task/6588979158450176

My guess is it's blocking because by .NET default the process had shell access

Laura Hunt

Quote from: Khris on Wed 24/04/2024 09:17:35
Adding the AGS folder to the whitelist in Windows Security had no effect either, so I was looking for another solution.

Aren't you supposed to add the game's own Compiled folder as an exception to Windows Defender, rather than the AGS folder? This is what I do and I haven't had this issue in ages.

Khris

@eri0o Good to know, I'll try this when I get home (I can reproduce the issue if I undo the policy change)

@Laura Hunt I also added the Debug folder but it didn't help
This only started about a week ago, I didn't have any issues before

Laura Hunt

Quote from: Khris on Wed 24/04/2024 16:09:56
@Laura Hunt I also added the Debug folder but it didn't help

I only have the Compiled folder added to my Defender exceptions, nothing else, not Debug either. Just tried running my game with F5 (AGS version 3.6.1.23) and I have no issues whatsoever. I'm running Windows 10 though, so maybe it's a Windows 11-specific issue.

LimpingFish

Running 11 Pro, and I've never had any interference from Defender when running AGS, AGS games, or compiling and running AGS games. :-\

Installed AGS 3.6.1 just to see, but still no problems.

As usual, Defender did chirp when I ran the AGS installer, flagging it with the "Unknown Publisher" alert, but it generally does that (inconsistently) with installers. Some trigger it, some don't.

Khris

I'm also running Win 11 Pro, and I've removed the policy change.

I tested the 3.6.2-dev build and Defender prevented AGSEditor.exe from running but clicking "More Info" and "Run anyway" fixed it for good.
Also, test-running the game via F5 did work fine!

Note:
I tend to run executables from inside Total Commander, which I always run with admin rights. This means that the program also runs with elevated rights (as opposed to from Explorer in user mode), which might have an influence.

eri0o

@Khris thanks for checking this! @Crimson Wizard I think that commit is safe to bring to 3.6.1 branch.

morganw

Quote from: LimpingFish on Wed 24/04/2024 23:49:19
As usual, Defender did chirp when I ran the AGS installer, flagging it with the "Unknown Publisher" alert, but it generally does that (inconsistently) with installers. Some trigger it, some don't.
It is likely because NTFS metadata is present which indicates that you downloaded this file from the Internet. Web browsers typically set this on Windows at the time the file is downloaded. If you "unblock" the file before executing it, the prompt may disappear. (see https://adventuregamestudio.github.io/ags-manual/TroubleshootingWindowsZoneID.html)

Quote from: Khris on Thu 25/04/2024 09:50:08
Note:
I tend to run executables from inside Total Commander, which I always run with admin rights. This means that the program also runs with elevated rights (as opposed to from Explorer in user mode), which might have an influence.
The AGS installer should be run as a regular user. It requests elevation to perform the installation and then drops those privileges if you choose to start the program once it is installed. You probably do not want your first launch of an application to be able to write to locations which later launches cannot.

As a general rule, you shouldn't assume that any installers are actually dropping privileges if they offer an option to launch the application, since there is no guarantee it was implemented correctly by the author of the installer. If in doubt, don't ever take the option to launch the program if the installer offers it.
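An added PowerShell example, not from the thread or the AGS manual, that reads the NTFS Zone.Identifier stream morganw refers to, so you can see which zone and which URLs the browser recorded before deciding to unblock. The installer path is an assumed placeholder.

```powershell
# Added example: inspect the Zone.Identifier alternate data stream on a download.
# ZoneId 3 = Internet, 4 = Restricted Sites; this mark is what makes Windows
# show the "Unknown Publisher" prompt on an otherwise unsigned executable.
function Get-ZoneInfo {
    param([Parameter(Mandatory)][string]$Path)
    $result = [ordered]@{ Path = $Path; Marked = $false; ZoneId = $null; ReferrerUrl = $null; HostUrl = $null }
    # -Stream reads the named alternate data stream instead of the main file content.
    $text = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw -ErrorAction SilentlyContinue
    if ($text) {
        $result.Marked = $true
        # The stream is INI-shaped: a [ZoneTransfer] section followed by Key=Value lines.
        foreach ($line in $text -split "`r?`n") {
            if ($line -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') {
                $result[$Matches[1]] = $Matches[2].Trim()
            }
        }
    }
    [pscustomobject]$result
}

$installer = "$env:USERPROFILE\Downloads\AGS-installer.exe"   # assumed path, adjust to your download
$info = Get-ZoneInfo -Path $installer
$info | Format-List

# Only remove the mark for a file whose origin (HostUrl above) you have confirmed.
# Unblock-File deletes the stream, the same as Properties -> Unblock in Explorer.
if ($info.Marked -and $info.ZoneId -in '3', '4') {
    Unblock-File -LiteralPath $installer
}
```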

Khris

@morganw I never install programs that also offer a portable version. I just download the AGS zip and extract it.
