[3.87c] Virus scanner hates 32-bit verison

[InsanityBringer]

From this thread.

Chrome and FF refused to download it, and if I forced it, Windows Defender would quickly step in and stop it. Googling around suggests it to be one of those generic signatures that show up a lot in false positives.

[Graf Zahl]

It's a false positive. Complain to the creators of these bogus lists to get it removed. We are powerless in light of such stupidity. BTW, it only seems to trigger an alert when downloading in the browser. Starting the EXE does not trigger my antivirus, so unfortunately I cannot even tell which file in there is responsible.

[drfrag]

I get the Defender positive only with the 32 bit executable. Trojan:Win32/Woreflint.A!cl

[wildweasel]

Best suggestion is to see if there's a way to submit a file for review by whoever runs the scanning service. If they can't fix whatever bug is causing the false positive, there is more than likely a database of them that they can add it to, that'll get released in the next set of definitions.

[Graf Zahl]

Which file triggers it? On my system Windows Defender remains silent.

[_mental_]

The actual results by VirusTotal: 32-bit and 64-bit. I would say, go build a version from source code if those reports aren’t convincing enough.

[InsanityBringer]

I'm kinda surprised VirusTotal isn't flagging it, since things like Chrome tend to have results relatively consistent with it, even for false positives in the past. I really had no doubt it was a false positive, but where do you even send these reports to anymore? I'm assuming there's some shared database that both MS and Google are using, but what is it? (I'd like to send them the full disassembly of a simple "Hello World" program it flagged a few months ago...)

[phantombeta]

It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.

[Graf Zahl]

Makes me wonder if it's the XP toolset causing the mess.

[drfrag]

Now 3.87b and 3.87a also give a positive: Trojan:Win32/Zpevdo.B

[drfrag]

Most likely it's a combination of the XP toolset and the custom internal _stat function.
Edit: May be not, 3.86a doesn't give a positive.

[PlayerLin]

It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.

If you read those results, they're NOT consistent...some say virus A, some others say B and some say other shit or just too sensitive for some reasons...

I would say send the file to those AV authors and let them do detailed test would be better solution...?

[Rachael]

I would say send the file to those AV authors and let them do detailed test would be better solution...?

Lately they don't seem to care. We're not some multi-million dollar software firm with a reputation to uphold or the ability to hire corporate lawyers that can send them into bankruptcy, so they feel not threatened by us nor like any sort of software we develop even matters.

[electrodragon554]

I also saw this issue on my end, I've submitted the LZDoom executable to Microsoft for re-analysis.
They usually respond in about 12 hours (from what I can tell).
Should I hear anything, I will either edit this post or add a new reply

Edit:
Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0

[drfrag]

Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0

Thanks.