[3.87c] Virus scanner hates 32-bit verison
Moderator: GZDoom Developers
Forum rules
Contrary to popular belief, we are not all-knowing-all-seeing magical beings!
If you want help you're going to have to provide lots of info. Like what is your hardware, what is your operating system, what version of GZDoom/LZDoom/whatever you're using, what mods you're loading, how you're loading it, what you've already tried for fixing the problem, and anything else that is even remotely relevant to the problem.
We can't magically figure out what it is if you're going to be vague, and if we feel like you're just wasting our time with guessing games we will act like that's what you're really doing and won't help you.
Contrary to popular belief, we are not all-knowing-all-seeing magical beings!
If you want help you're going to have to provide lots of info. Like what is your hardware, what is your operating system, what version of GZDoom/LZDoom/whatever you're using, what mods you're loading, how you're loading it, what you've already tried for fixing the problem, and anything else that is even remotely relevant to the problem.
We can't magically figure out what it is if you're going to be vague, and if we feel like you're just wasting our time with guessing games we will act like that's what you're really doing and won't help you.
- InsanityBringer
- Posts: 3386
- Joined: Thu Jul 05, 2007 4:53 pm
- Location: opening the forbidden box
[3.87c] Virus scanner hates 32-bit verison
From this thread.
Chrome and FF refused to download it, and if I forced it, Windows Defender would quickly step in and stop it. Googling around suggests it to be one of those generic signatures that show up a lot in false positives.
Chrome and FF refused to download it, and if I forced it, Windows Defender would quickly step in and stop it. Googling around suggests it to be one of those generic signatures that show up a lot in false positives.
- Graf Zahl
- Lead GZDoom+Raze Developer
- Posts: 49067
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: [3.87c] Virus scanner hates 32-bit verison
It's a false positive. Complain to the creators of these bogus lists to get it removed. We are powerless in light of such stupidity. BTW, it only seems to trigger an alert when downloading in the browser. Starting the EXE does not trigger my antivirus, so unfortunately I cannot even tell which file in there is responsible.
- drfrag
- Vintage GZDoom Developer
- Posts: 3141
- Joined: Fri Apr 23, 2004 3:51 am
- Location: Spain
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
I get the Defender positive only with the 32 bit executable. Trojan:Win32/Woreflint.A!cl
- wildweasel
- Posts: 21706
- Joined: Tue Jul 15, 2003 7:33 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): A lot of them
- Graphics Processor: Not Listed
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
Best suggestion is to see if there's a way to submit a file for review by whoever runs the scanning service. If they can't fix whatever bug is causing the false positive, there is more than likely a database of them that they can add it to, that'll get released in the next set of definitions.
- Graf Zahl
- Lead GZDoom+Raze Developer
- Posts: 49067
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: [3.87c] Virus scanner hates 32-bit verison
Which file triggers it? On my system Windows Defender remains silent.
- InsanityBringer
- Posts: 3386
- Joined: Thu Jul 05, 2007 4:53 pm
- Location: opening the forbidden box
Re: [3.87c] Virus scanner hates 32-bit verison
I'm kinda surprised VirusTotal isn't flagging it, since things like Chrome tend to have results relatively consistent with it, even for false positives in the past. I really had no doubt it was a false positive, but where do you even send these reports to anymore? I'm assuming there's some shared database that both MS and Google are using, but what is it? (I'd like to send them the full disassembly of a simple "Hello World" program it flagged a few months ago...)
- phantombeta
- Posts: 2088
- Joined: Thu May 02, 2013 1:27 am
- Operating System Version (Optional): Windows 10
- Graphics Processor: nVidia with Vulkan support
- Location: Brazil
Re: [3.87c] Virus scanner hates 32-bit verison
It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.
- Graf Zahl
- Lead GZDoom+Raze Developer
- Posts: 49067
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: [3.87c] Virus scanner hates 32-bit verison
Makes me wonder if it's the XP toolset causing the mess.
- drfrag
- Vintage GZDoom Developer
- Posts: 3141
- Joined: Fri Apr 23, 2004 3:51 am
- Location: Spain
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
Now 3.87b and 3.87a also give a positive: Trojan:Win32/Zpevdo.B
- drfrag
- Vintage GZDoom Developer
- Posts: 3141
- Joined: Fri Apr 23, 2004 3:51 am
- Location: Spain
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
Most likely it's a combination of the XP toolset and the custom internal _stat function.
Edit: May be not, 3.86a doesn't give a positive.
Edit: May be not, 3.86a doesn't give a positive.
- PlayerLin
- Posts: 581
- Joined: Sun Nov 11, 2007 4:20 am
- Graphics Processor: nVidia with Vulkan support
- Location: XinZhuang, XinBei/New Taipei City(Former Taipei County), Taiwan.
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
phantombeta wrote:It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.
If you read those results, they're NOT consistent...some say virus A, some others say B and some say other shit or just too sensitive for some reasons...
I would say send the file to those AV authors and let them do detailed test would be better solution...?
Re: [3.87c] Virus scanner hates 32-bit verison
Lately they don't seem to care. We're not some multi-million dollar software firm with a reputation to uphold or the ability to hire corporate lawyers that can send them into bankruptcy, so they feel not threatened by us nor like any sort of software we develop even matters.PlayerLin wrote:I would say send the file to those AV authors and let them do detailed test would be better solution...?
-
- Posts: 37
- Joined: Sat Jun 06, 2020 5:41 am
Re: [3.87c] Virus scanner hates 32-bit verison
I also saw this issue on my end, I've submitted the LZDoom executable to Microsoft for re-analysis.
They usually respond in about 12 hours (from what I can tell).
Should I hear anything, I will either edit this post or add a new reply
Edit:
Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0
They usually respond in about 12 hours (from what I can tell).
Should I hear anything, I will either edit this post or add a new reply
Edit:
Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0
- drfrag
- Vintage GZDoom Developer
- Posts: 3141
- Joined: Fri Apr 23, 2004 3:51 am
- Location: Spain
- Contact:
Re: [3.87c] Virus scanner hates 32-bit verison
Thanks.electrodragon554 wrote: Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0