14 replies to this topic

[lride]

avast always interupts execution of my game saying my games can be threat.
why? why makes it think that only the programs I make are threats?

[frob]

What is your virus scanner? If you are concerned contact the company and ask them what to do about false positives. Usually you can add it to a white list in your virus scanner if nothing else.

[Captacha]

Are they multiplayer games, maybe the games are trying to go past the firewall protections.

[SimonForsman]

Is it not just windows complaining about the file not being signed ?
Does a straightforward hello world console program have the same issue ?

Edited by SimonForsman, 10 October 2012 - 11:33 PM.

[Ripiz]

Are you using GetAsyncKeyState() or similar functions? Kaspersky antivirus complains it could potentially be a keylogger.

[Kyall]

I use AVG and it has the habit of reporting any application with

std::cout << (int value) << std::endl;

as being a backdoor trojan. You can deal with it simply enough by disabling the anti-virus while you're developing, or finding a way to stop it from active scanning your projects folder. But when it comes time to release you'll probably have to test your executable against virus scanners for false positives. When it comes to releasing an executable in a world with crap virus scanners does anyone have any pre-release tips ? Because I'd like to hear them.

[Barbossa]

I would upload all executable files to Virustotal.com because the website uses the most popular scanners and offers an impression of how the game will be handled after the release.
Now you have to wait about a week and then check your files again(because usually the submitted files will be forwarded to the anti-virus companies and checked again more carefully).
If there are any false-positives after the week, you have to contact the company behind the scanner, for Example http://support.kaspe...b/helpdesk.html for the Kaspersky Scanners.

Has anyone experience with the effect of signing executables with false-positives?

Edited by Barbossa, 11 October 2012 - 03:54 AM.

[samoth]

Avast (other than e.g. Kaspersky, which in my opinion used to be OK around 2008-2009, but is the worst ever malware per se, since then -- it renders my computer entirely unusable) does not complain about any of my own programs being malware.
It does show occasional false positives on some programs sometimes, but very very rarely. Usually it's a program like a CD ripper trying to get low level access to the drive.

Chances are good that what you see are still false positives, but my overall positive experience with Avast makes me think it isn't a bad idea to look into it anyway. It might still be that you really have some malware on your system that infected your compiler/linker or a library. As suggested above, Virustotal is a relatively easy way of verifying. It also displays the SHA-1 and MD5 of the respective files, so in case you didn't record hashes in the past, you can look them up there. If they're the same, it's highly unlikely that something has modified your compiler (or another program).

That said, the tip of turning off scanning for the development folder and the build tool folder is a good idea regardless of this issue, because live scanning and live defence usually makes a build 30-50% slower. It depends on your AV software (Kaspersky slows you down whenever KAV is installed, whether it scans or not), but for Avast it really makes a difference.

[TheVirtualDragon]

I have Avast free and it also reports every single application I make as malware and that I should run it in sandbox. I think it does that probably because it doesn't recognize the program. I have given up on avast and bought something a bit more normal, like webroot.

[EVIL_ENT]

Avira Free Antivirus was even reporting "int main(){ return 0; }" has some virus.
I sent them false positive reports for a few months every week and things seem to be fine now.
During that time I worked around it by placing a "glVertex2f(0, 0);" call at the beginning of my code which obviously did nothing because the opengl context wasn't even created but was enough to disrupt the flawed heuristics of antivir.
Maybe it works for you, too.
If it doesn't you could
-try to restructure your code
-use some exotic compile options
-use some virus-like habits to hide your code (e.g. encode your code and decode it when in use)
-or spam the developer of your antivirus software until he responds

[MarkS]

This is part of Avast's AutoSandbox feature. Go to Additional Protection->AutoSandbox and click on Settings. Turn it off.

[MrDaaark]

Maybe you actually have a virus, and it infects all you .exes the second they are created, via some OS hook?

[Kyall]

I personally know I don't have a virus that infects all exe's via an OS hook because when I hit a problem where AVG says something is a threat, I head off and build a second application to see if it does the same there.

As to relevance to this post: If your virus scanner reports an exe you built as a virus, build another simple program to see if you can manage to build an exe that isn't detected to be a virus, just to make sure you don't have some serious form of infection in your pc.

[lride]

I don't have a real virus.

This is part of Avast's AutoSandbox feature. Go to Additional Protection->AutoSandbox and click on Settings. Turn it off.

oh god thank you. I fixed it

[MarkS]

oh god thank you. I fixed it

No problem! That was annoying the crap out of me as well. Couldn't compile an application without it being flagged. Even Morrowind and Skyrim (Avast must not like Bethesda) were flagged. I was about to uninstall Avast.