Prevent AGS from triggering antiviruses

From Adventure Game Studio | Wiki
Revision as of 13:40, 29 September 2015 by Monsieur'ouxx (talk | contribs)

Please note that the discussion about this topic is constantly updated on the AGS forums: How to remove alternate data streams from AGS files


Introduction

AGS works very well, but it's not a big corporate product that uses all the latest security mechanisms (such as certificates, permissions and so on) to make antiviruses immediately recognize it as harmless. In particular, there's a thing called "alternate data streams" that sometimes makes your antivirus panic and tell you that the game you just downloaded is a virus, when it's not. This page helps you get rid of that issue. This trick was originally found, once again, by the guys from Wadjet Eye.


What are "alternate data streams"?

You don't need to understand what alternate data streams are to get rid of the issue. We just explain briefly, so that you have a better idea of what you're doing.

When a file is stored on your computer by your operating system (typically Windows), it's written in a particular, standard way that Windows will be able to read later. That's called the "file system". It's how Windows sorts out and writes your files under the hood. In Windows, the file system is called NTFS, and it's different on each big system: for example, Linux and Macs use the "NFS" file system instead. And USB sticks have been using the old "FAT32" file system for a very long time, to avoid compatibility issues.

Long story short, sometimes Windows needs to mix data from a foreign file system (e.g. NFS) into its very own NTFS data, for example when some files also need to be read on another system. That's when "alternate data streams" come in. They are a way for Windows to remind itself: "You don't understand this chunk of data that's written there? Well, don't worry, that's normal, that's because it's from another system. Just keep it there and don't mess with it. Also, don't display it in the Explorer".

So far so good. The trouble is that some smart arses started to use this to hide data, possibly fraudulent stuff. Alternate data streams started being used by viruses, for example. Don't get it wrong, it's very legit, but seeing alternate data streams in your files makes antiviruses suspicious of them, no matter what. And since AGS has started becoming cross-platform, there will be some alternate data streams in your files.

How do I clean my game files from "alternate data streams"?

There's a tool for Windows called "streams.exe", which you can download here: https://technet.microsoft.com/en-us/sysinternals/bb897440

  1. Download the tool. Extract it to any temporary folder you wish. For example c:\myfolder
  2. Open a Windows Command prompt (old-style access: Start-->All Programs-->Utilities-->Command Prompt) (you can also press the keystroke Windows+R, then type "cmd.exe" in the window that appears)
  3. I didn't test to see if it's required to run it as administrator. (If you encounter issues, then start the command prompt by right-clicking on its icon and selecting "run as administrator")
  4. In the command prompt, go to the folder where you've put streams.exe:

       cd c:\myfolder

  5. Run the following command to remove the alternate data streams:

       streams.exe -s -d "<EXTRACTED FOLDER>"

(You need to replace "<EXTRACTED FOLDER>" with the path to the folder of the game, for example "c:\Users\MyAccount\My Documents\AGS Games\MyGame". Please note the double quotes.)
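
If you would rather see which streams are present before deleting anything, the following PowerShell script lists them and removes them only when asked. It is an added example, not part of the original wiki page or of AGS; it assumes PowerShell 3.0 or later on an NTFS drive, and the default folder path is the placeholder used above.

```powershell
# Added example: list, then optionally remove, alternate data streams under a game folder.
# $GameFolder defaults to the placeholder path from this page; pass your own game folder.
param(
    [string]$GameFolder = 'C:\Users\MyAccount\My Documents\AGS Games\MyGame',
    [switch]$Remove
)

# Every NTFS file has an unnamed main stream, which PowerShell reports as ':$DATA'.
# Any other stream name is an alternate data stream.
# Note: only files are inspected here, not the folders themselves.
$found = Get-ChildItem -LiteralPath $GameFolder -Recurse -File | ForEach-Object {
    $file = $_
    Get-Item -LiteralPath $file.FullName -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $file.FullName
                Stream = $_.Stream
                Bytes  = $_.Length
            }
        }
}

if (-not $found) {
    Write-Output "No alternate data streams found under $GameFolder"
    return
}

# Show what is there before touching anything.
$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($entry in $found) {
        # Deletes only the named stream; the file's normal content is untouched.
        Remove-Item -LiteralPath $entry.File -Stream $entry.Stream
    }
    Write-Output "Removed $(@($found).Count) stream(s)."
}
```

Run it once without -Remove to review the list, then again with -Remove to delete the streams it reported.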


