Jump to content

  • Log In with Google      Sign In   
  • Create Account

Why does my anti-virus program think my programs are suspicious?


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
14 replies to this topic

#1 lride   Members   -  Reputation: 633

Like
0Likes
Like

Posted 10 October 2012 - 06:10 PM

avast always interupts execution of my game saying my games can be threat.
why? why makes it think that only the programs I make are threats?
An invisible text.

Sponsor:

#2 frob   Moderators   -  Reputation: 22731

Like
2Likes
Like

Posted 10 October 2012 - 06:54 PM

What is your virus scanner? If you are concerned contact the company and ask them what to do about false positives. Usually you can add it to a white list in your virus scanner if nothing else.

Check out my book, Game Development with Unity, aimed at beginners who want to build fun games fast.

Also check out my personal website at bryanwagstaff.com, where I write about assorted stuff.


#3 Captacha   Members   -  Reputation: 141

Like
0Likes
Like

Posted 10 October 2012 - 07:51 PM

Are they multiplayer games, maybe the games are trying to go past the firewall protections.

#4 SimonForsman   Crossbones+   -  Reputation: 6305

Like
0Likes
Like

Posted 10 October 2012 - 11:33 PM

Is it not just windows complaining about the file not being signed ?
Does a straightforward hello world console program have the same issue ?

Edited by SimonForsman, 10 October 2012 - 11:33 PM.

I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

#5 Ripiz   Members   -  Reputation: 529

Like
0Likes
Like

Posted 11 October 2012 - 02:05 AM

Are you using GetAsyncKeyState() or similar functions? Kaspersky antivirus complains it could potentially be a keylogger.

#6 Kyall   Members   -  Reputation: 287

Like
1Likes
Like

Posted 11 October 2012 - 02:25 AM

I use AVG and it has the habit of reporting any application with

std::cout << (int value) << std::endl;

as being a backdoor trojan. You can deal with it simply enough by disabling the anti-virus while you're developing, or finding a way to stop it from active scanning your projects folder. But when it comes time to release you'll probably have to test your executable against virus scanners for false positives. When it comes to releasing an executable in a world with crap virus scanners does anyone have any pre-release tips ? Because I'd like to hear them.
I say Code! You say Build! Code! Build! Code! Build! Can I get a woop-woop? Woop! Woop!

#7 Barbossa   Members   -  Reputation: 831

Like
1Likes
Like

Posted 11 October 2012 - 03:51 AM

I would upload all executable files to Virustotal.com because the website uses the most popular scanners and offers an impression of how the game will be handled after the release.
Now you have to wait about a week and then check your files again(because usually the submitted files will be forwarded to the anti-virus companies and checked again more carefully).
If there are any false-positives after the week, you have to contact the company behind the scanner, for Example http://support.kaspe...b/helpdesk.html for the Kaspersky Scanners.

Has anyone experience with the effect of signing executables with false-positives?

Edited by Barbossa, 11 October 2012 - 03:54 AM.


#8 samoth   Crossbones+   -  Reputation: 5034

Like
0Likes
Like

Posted 11 October 2012 - 04:17 AM

Avast (other than e.g. Kaspersky, which in my opinion used to be OK around 2008-2009, but is the worst ever malware per se, since then -- it renders my computer entirely unusable) does not complain about any of my own programs being malware.
It does show occasional false positives on some programs sometimes, but very very rarely. Usually it's a program like a CD ripper trying to get low level access to the drive.

Chances are good that what you see are still false positives, but my overall positive experience with Avast makes me think it isn't a bad idea to look into it anyway. It might still be that you really have some malware on your system that infected your compiler/linker or a library. As suggested above, Virustotal is a relatively easy way of verifying. It also displays the SHA-1 and MD5 of the respective files, so in case you didn't record hashes in the past, you can look them up there. If they're the same, it's highly unlikely that something has modified your compiler (or another program).

That said, the tip of turning off scanning for the development folder and the build tool folder is a good idea regardless of this issue, because live scanning and live defence usually makes a build 30-50% slower. It depends on your AV software (Kaspersky slows you down whenever KAV is installed, whether it scans or not), but for Avast it really makes a difference.

#9 TheVirtualDragon   Members   -  Reputation: 237

Like
0Likes
Like

Posted 11 October 2012 - 09:57 AM

I have Avast free and it also reports every single application I make as malware and that I should run it in sandbox. I think it does that probably because it doesn't recognize the program. I have given up on avast and bought something a bit more normal, like webroot.
What's This?: basically, it's my blog. Click on it.

#10 EVIL_ENT   Members   -  Reputation: 218

Like
0Likes
Like

Posted 11 October 2012 - 01:25 PM

Avira Free Antivirus was even reporting "int main(){ return 0; }" has some virus.
I sent them false positive reports for a few months every week and things seem to be fine now.
During that time I worked around it by placing a "glVertex2f(0, 0);" call at the beginning of my code which obviously did nothing because the opengl context wasn't even created but was enough to disrupt the flawed heuristics of antivir.
Maybe it works for you, too.
If it doesn't you could
-try to restructure your code
-use some exotic compile options
-use some virus-like habits to hide your code (e.g. encode your code and decode it when in use)
-or spam the developer of your antivirus software until he responds

#11 MarkS   Prime Members   -  Reputation: 887

Like
2Likes
Like

Posted 11 October 2012 - 05:12 PM

This is part of Avast's AutoSandbox feature. Go to Additional Protection->AutoSandbox and click on Settings. Turn it off.

#12 MrDaaark   Members   -  Reputation: 3555

Like
0Likes
Like

Posted 11 October 2012 - 05:20 PM

Maybe you actually have a virus, and it infects all you .exes the second they are created, via some OS hook?

#13 Kyall   Members   -  Reputation: 287

Like
0Likes
Like

Posted 11 October 2012 - 06:03 PM

I personally know I don't have a virus that infects all exe's via an OS hook because when I hit a problem where AVG says something is a threat, I head off and build a second application to see if it does the same there.

As to relevance to this post: If your virus scanner reports an exe you built as a virus, build another simple program to see if you can manage to build an exe that isn't detected to be a virus, just to make sure you don't have some serious form of infection in your pc.
I say Code! You say Build! Code! Build! Code! Build! Can I get a woop-woop? Woop! Woop!

#14 lride   Members   -  Reputation: 633

Like
0Likes
Like

Posted 11 October 2012 - 07:30 PM

I don't have a real virus.

This is part of Avast's AutoSandbox feature. Go to Additional Protection->AutoSandbox and click on Settings. Turn it off.

oh god thank you. I fixed it
An invisible text.

#15 MarkS   Prime Members   -  Reputation: 887

Like
0Likes
Like

Posted 11 October 2012 - 07:37 PM

oh god thank you. I fixed it


No problem! That was annoying the crap out of me as well. Couldn't compile an application without it being flagged. Even Morrowind and Skyrim (Avast must not like Bethesda) were flagged. I was about to uninstall Avast.




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS