[3.87c] Virus scanner hates 32-bit verison

Need help running G/Q/ZDoom/ECWolf/Zandronum/3DGE? Did your computer break? Ask here.

Moderator: GZDoom Developers

[3.87c] Virus scanner hates 32-bit verison

Postby InsanityBringer » Sat Feb 27, 2021 12:37 pm

From this thread.

Chrome and FF refused to download it, and if I forced it, Windows Defender would quickly step in and stop it. Googling around suggests it to be one of those generic signatures that show up a lot in false positives.
User avatar
InsanityBringer
 
Joined: 05 Jul 2007
Location: opening the forbidden box
Discord: InsanityBringer#9908

Re: [3.87c] Virus scanner hates 32-bit verison

Postby Graf Zahl » Sat Feb 27, 2021 12:40 pm

It's a false positive. Complain to the creators of these bogus lists to get it removed. We are powerless in light of such stupidity. BTW, it only seems to trigger an alert when downloading in the browser. Starting the EXE does not trigger my antivirus, so unfortunately I cannot even tell which file in there is responsible.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: [3.87c] Virus scanner hates 32-bit verison

Postby drfrag » Sat Feb 27, 2021 1:04 pm

I get the Defender positive only with the 32 bit executable. Trojan:Win32/Woreflint.A!cl
User avatar
drfrag
Os voy a romper a pedazos!
Vintage GZDoom Developer
 
Joined: 23 Apr 2004
Location: Spain
Discord: drfrag#3555
Github ID: drfrag666

Re: [3.87c] Virus scanner hates 32-bit verison

Postby wildweasel » Sat Feb 27, 2021 1:16 pm

Best suggestion is to see if there's a way to submit a file for review by whoever runs the scanning service. If they can't fix whatever bug is causing the false positive, there is more than likely a database of them that they can add it to, that'll get released in the next set of definitions.
User avatar
wildweasel
change o' pace.
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: [3.87c] Virus scanner hates 32-bit verison

Postby Graf Zahl » Sat Feb 27, 2021 1:40 pm

Which file triggers it? On my system Windows Defender remains silent.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: [3.87c] Virus scanner hates 32-bit verison

Postby _mental_ » Sat Feb 27, 2021 1:59 pm

The actual results by VirusTotal: 32-bit and 64-bit. I would say, go build a version from source code if those reports aren’t convincing enough.
_mental_
 
 
 
Joined: 07 Aug 2011

Re: [3.87c] Virus scanner hates 32-bit verison

Postby InsanityBringer » Sat Feb 27, 2021 3:12 pm

I'm kinda surprised VirusTotal isn't flagging it, since things like Chrome tend to have results relatively consistent with it, even for false positives in the past. I really had no doubt it was a false positive, but where do you even send these reports to anymore? I'm assuming there's some shared database that both MS and Google are using, but what is it? (I'd like to send them the full disassembly of a simple "Hello World" program it flagged a few months ago...)
User avatar
InsanityBringer
 
Joined: 05 Jul 2007
Location: opening the forbidden box
Discord: InsanityBringer#9908

Re: [3.87c] Virus scanner hates 32-bit verison

Postby phantombeta » Sat Feb 27, 2021 3:23 pm

It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.
User avatar
phantombeta
Tired of being treated like trash by control freaks
 
Joined: 02 May 2013

Re: [3.87c] Virus scanner hates 32-bit verison

Postby Graf Zahl » Sat Feb 27, 2021 3:55 pm

Makes me wonder if it's the XP toolset causing the mess.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: [3.87c] Virus scanner hates 32-bit verison

Postby drfrag » Sat Feb 27, 2021 5:44 pm

Now 3.87b and 3.87a also give a positive: Trojan:Win32/Zpevdo.B
User avatar
drfrag
Os voy a romper a pedazos!
Vintage GZDoom Developer
 
Joined: 23 Apr 2004
Location: Spain
Discord: drfrag#3555
Github ID: drfrag666

Re: [3.87c] Virus scanner hates 32-bit verison

Postby drfrag » Sat Feb 27, 2021 6:08 pm

Most likely it's a combination of the XP toolset and the custom internal _stat function.
Edit: May be not, 3.86a doesn't give a positive.
User avatar
drfrag
Os voy a romper a pedazos!
Vintage GZDoom Developer
 
Joined: 23 Apr 2004
Location: Spain
Discord: drfrag#3555
Github ID: drfrag666

Re: [3.87c] Virus scanner hates 32-bit verison

Postby PlayerLin » Mon Mar 01, 2021 4:01 am

phantombeta wrote:It seems like it gives completely different results if you unzip it and scan just the EXE file. Here's the report. It originally had 20 antiviruses flagging it as suspicious (Seems someone ran it before), but I told it to rerun it and it says 22 now.



If you read those results, they're NOT consistent...some say virus A, some others say B and some say other shit or just too sensitive for some reasons...

I would say send the file to those AV authors and let them do detailed test would be better solution...?
User avatar
PlayerLin
 
Joined: 11 Nov 2007
Location: XinZhuang, XinBei/New Taipei City(Former Taipei County), Taiwan.
Operating System: Windows Vista/7/2008 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: nVidia with Vulkan support

Re: [3.87c] Virus scanner hates 32-bit verison

Postby Rachael » Mon Mar 01, 2021 9:48 am

PlayerLin wrote:I would say send the file to those AV authors and let them do detailed test would be better solution...?

Lately they don't seem to care. We're not some multi-million dollar software firm with a reputation to uphold or the ability to hire corporate lawyers that can send them into bankruptcy, so they feel not threatened by us nor like any sort of software we develop even matters.
User avatar
Rachael
Admin
 
Joined: 13 Jan 2004
Discord: Rachael#3767
Twitch ID: madamerachelle
Github ID: madame-rachelle
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: ATI/AMD with Vulkan Support

Re: [3.87c] Virus scanner hates 32-bit verison

Postby electrodragon554 » Fri Mar 05, 2021 1:14 pm

I also saw this issue on my end, I've submitted the LZDoom executable to Microsoft for re-analysis.
They usually respond in about 12 hours (from what I can tell).
Should I hear anything, I will either edit this post or add a new reply

Edit:
Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0
electrodragon554
 
Joined: 06 Jun 2020
OS Test Version: No (Using Stable Public Version)

Re: [3.87c] Virus scanner hates 32-bit verison

Postby drfrag » Sat Mar 06, 2021 3:04 am

electrodragon554 wrote:Microsoft has removed the false positive detection for the LZDoom executable in definition update 1.331.2475.0

Thanks.
User avatar
drfrag
Os voy a romper a pedazos!
Vintage GZDoom Developer
 
Joined: 23 Apr 2004
Location: Spain
Discord: drfrag#3555
Github ID: drfrag666

Next

Return to Technical Issues

Who is online

Users browsing this forum: No registered users and 0 guests