Sign in to follow this  
lride

Why does my anti-virus program think my programs are suspicious?

Recommended Posts

lride    674
avast always interupts execution of my game saying my games can be threat.
why? why makes it think that only the programs I make are threats?

Share this post


Link to post
Share on other sites
frob    44908
What is your virus scanner? If you are concerned contact the company and ask them what to do about false positives. Usually you can add it to a white list in your virus scanner if nothing else.

Share this post


Link to post
Share on other sites
Ripiz    539
Are you using GetAsyncKeyState() or similar functions? Kaspersky antivirus complains it could potentially be a keylogger.

Share this post


Link to post
Share on other sites
Kyall    287
I use AVG and it has the habit of reporting any application with

std::cout << (int value) << std::endl;

as being a backdoor trojan. You can deal with it simply enough by disabling the anti-virus while you're developing, or finding a way to stop it from active scanning your projects folder. But when it comes time to release you'll probably have to test your executable against virus scanners for false positives. When it comes to releasing an executable in a world with crap virus scanners does anyone have any pre-release tips ? Because I'd like to hear them.

Share this post


Link to post
Share on other sites
Barbossa    967
I would upload all executable files to Virustotal.com because the website uses the most popular scanners and offers an impression of how the game will be handled after the release.
Now you have to wait about a week and then check your files again(because usually the submitted files will be forwarded to the anti-virus companies and checked again more carefully).
If there are any false-positives after the week, you have to contact the company behind the scanner, for Example [url="http://support.kaspersky.com/virlab/helpdesk.html"]http://support.kaspe...b/helpdesk.html[/url] for the Kaspersky Scanners.

Has anyone experience with the effect of signing executables with false-positives? Edited by Barbossa

Share this post


Link to post
Share on other sites
Avast (other than e.g. Kaspersky, which in my opinion used to be OK around 2008-2009, but is the worst ever malware [i]per se[/i], since then -- it renders my computer entirely unusable) does not complain about any of my own programs being malware.
It does show occasional false positives on some programs sometimes, but very very rarely. Usually it's a program like a CD ripper trying to get low level access to the drive.

Chances are good that what you see are still false positives, but my overall positive experience with Avast makes me think it isn't a bad idea to look into it anyway. It might still be that you [i]really [/i]have some malware on your system that infected your compiler/linker or a library. As suggested above, Virustotal is a relatively easy way of verifying. It also displays the SHA-1 and MD5 of the respective files, so in case you didn't record hashes in the past, you can look them up there. If they're the same, it's highly unlikely that something has modified your compiler (or another program).

That said, the tip of turning off scanning for the development folder and the build tool folder is a good idea regardless of this issue, because live scanning and live defence usually makes a build 30-50% slower. It depends on your AV software (Kaspersky slows you down whenever KAV is installed, whether it scans or not), but for Avast it really makes a difference.

Share this post


Link to post
Share on other sites
I have Avast free and it also reports every single application I make as malware and that I should run it in sandbox. I think it does that probably because it doesn't recognize the program. I have given up on avast and bought something a bit more normal, like webroot.

Share this post


Link to post
Share on other sites
EVIL_ENT    276
Avira Free Antivirus was even reporting "int main(){ return 0; }" has some virus.
I sent them false positive reports for a few months every week and things seem to be fine now.
During that time I worked around it by placing a "glVertex2f(0, 0);" call at the beginning of my code which obviously did nothing because the opengl context wasn't even created but was enough to disrupt the flawed heuristics of antivir.
Maybe it works for you, too.
If it doesn't you could
-try to restructure your code
-use some exotic compile options
-use some virus-like habits to hide your code (e.g. encode your code and decode it when in use)
-or spam the developer of your antivirus software until he responds

Share this post


Link to post
Share on other sites
Kyall    287
I personally know I don't have a virus that infects all exe's via an OS hook because when I hit a problem where AVG says something is a threat, I head off and build a second application to see if it does the same there.

As to relevance to this post: If your virus scanner reports an exe you built as a virus, build another simple program to see if you can manage to build an exe that isn't detected to be a virus, just to make sure you don't have some serious form of infection in your pc.

Share this post


Link to post
Share on other sites
lride    674
I don't have a real virus.
[quote name='MarkS' timestamp='1349997132' post='4989296']
This is part of Avast's AutoSandbox feature. Go to Additional Protection->AutoSandbox and click on Settings. Turn it off.
[/quote]
oh god thank you. I fixed it

Share this post


Link to post
Share on other sites
MarkS    3502
[quote name='lride' timestamp='1350005451' post='4989336']
oh god thank you. I fixed it
[/quote]

No problem! That was annoying the crap out of me as well. Couldn't compile an application without it being flagged. Even Morrowind and Skyrim (Avast must not like Bethesda) were flagged. I was about to uninstall Avast.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this