Text only | Text with Images

Adventure Game Studio

AGS Development => Engine Development => Topic started by: MurrayL on Mon 29/10/2012 15:54:52

Title: False Positive from Avast! Antivirus?
Post by: MurrayL on Mon 29/10/2012 15:54:52
One of the guys I'm working with has just told me that all compiled AGS games (or, at least, all 3.2.1 games we've made recently) are now coming up with a flag from Avast! Antivirus. This was on his computer, and on another person's, so it may well be across all PCs with Avast! installed. It only started happening today.

First they get this message:
(http://i.imgur.com/EwWY2.png)
(The file prevalence/reputation is low)

Then it says it couldnt find enough evidence to class it as malware but that [the user] should use extreme caution. The same error occurs with the game exe and winsetup.exe.

As a precaution, I uploaded the game exe to VirusTotal, but all 43 tests returned negative.

Something we should be aware of? This might mean Avast! is flagging all current AGS games as suspicious for some reason.
Title: Re: False Positive from Avast! Antivirus?
Post by: BigMc on Mon 29/10/2012 16:42:14
So this Antivirus warns everybody who executes programs which are not widely used. So what?
Title: Re: False Positive from Avast! Antivirus?
Post by: Calin Leafshade on Mon 29/10/2012 16:53:26
Seems that Avast sandboxes *everything* it doesn't recognise.

https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/

Nothing we can do really. Perhaps submitting some winsetups to them for analysis might mean they recognise the format.

In reality, the way AGS builds its files is fodder for anti viruses. Embedding binary data into an exe file is essentially a trojan and anti viruses often react to that in the way you would expect.
Title: Re: False Positive from Avast! Antivirus?
Post by: MurrayL on Mon 29/10/2012 17:02:57
Quote from: Calin Leafshade on Mon 29/10/2012 16:53:26
Nothing we can do really. Perhaps submitting some winsetups to them for analysis might mean they recognise the format.

Yeah, I figured as much. Thanks anyway!

As I said, it only started happening today. Maybe an update they pushed or something? My concern was that people might be put off from playing an AGS game - especially a commercial one - if their antivirus starts telling them to 'use extreme caution' whenever they launch it. Avast! isn't exactly a minor player in the home user antivirus scene.
Title: Re: False Positive from Avast! Antivirus?
Post by: SSH on Tue 30/10/2012 16:10:47
Quote from: Calin Leafshade on Mon 29/10/2012 16:53:26
Embedding binary data into an exe file is essentially a trojan and anti viruses often react to that in the way you would expect.

What other kind of data than binary do you have in YOUR exes? ;)
Title: Re: False Positive from Avast! Antivirus?
Post by: selmiak on Mon 12/11/2012 21:49:38
*opens howtoavoidtrojans.pdf.exe*
Text only | Text with Images