You have several options:
Originally Posted by seep
- if you can rebuild your app, wait for the Steam version of the build 292.27, with the changes we did in this build applications are not longer detected as false positive by the few anti-virus programs that recently reported it (except for MS Defender but hopefully they will fix it quickly).
- if you can't rebuild your app, submit it to the concerned anti-virus program via their false positive submission web page so that they fix it for your app.
- if your app is a commercial app you should purchase a code signing certificate and sign it, this often reduces the possibility to get flagged (not always enough though).
Originally Posted by Yves
When Is the release about build 292.27 on Steam? :)
Hi, I am suffering with a similar issue found by my users for my game submitted in a GameJam; except the anti-virus alert for my game is: Trojan: Win32/Wacatac.B!ml. I'm reporting as false positives to the many different anti-virus companies my users are highlighting, including Windows Defender. Seems a bit excessive but it will likely mean no users will pick up my game in the Jam. It also feels unprofessional to tell my users to ignore and treat as a false positive.
I really appreciate you working so hard on this. I know that normally it's an issue with AV programs, but when I didn't change anything significant in my code and I'm suddenly getting a lot of false positives, I knew there must be something else going on. Anyway, I really appreciate the beta update. Thanks, Yves!
Originally Posted by Yves
I just ran a test. I opened Fusion build 292.26 (steam version), and created a new application. It's got one frame, totally blank, nothing changed. I built the program "test.exe" and saved to my desktop.
It is immediately flagged and quarantined by Windows Defender. When I run it through VirusTotal, it gets 22 positive results, including 3 accounts of "Key Logger". The rest of the virus engines report "undetected."
While any program being detected as "malware" is annoying, being detected as "Key Logger" is a little more serious, and naturally would scare the **** out of anyone using one of our programs. Especially since its also flagging as "Zusy" - which a quick google search tells me is a type of Trojan that steals banking information. If I download any random software that flags as "keylogger" my natural instinct is "this thing is trying to steal my passwords and possibly access my bank accounts."
Now obviously, these Fusion programs aren't actually malware, and its a false positive. But the severity of a KeyLogger and identity theft trojan (even if false-positive) is very serious.
What is happening inside of a blank fusion app that triggers a "Key Logger" alert in all of these virus engines? It can't possibly be any sort of Fusion Extension, or any events, because this is a blank default new MFA file (built into an exe).
I wish these anti-virus programs would tell us a little more info about how or what exactly they are "detecting".
Fusion is a powerful tool - you could probably build keyloggers and trojan malware with it. Please don't forget that there is no real coding needed and its quick and easy to learn.
People are not always good. If you have a good game out on the market and I would be your main competitor, I would pull all the dirty tricks I could get - including submitting your game as potential threat. There are tons of sites on the net that offer shareware wrapped with malware installers. I could upload your game and report the file. Repeat that a few times and have fun with the reports you get from your loyal customers.
Not that I would do that personally. Just a thought.
Okay so leaving all the bad stuff aside, here is a good read about the general problem: https://weblog.west-wind.com/posts/2...alse-positives
Wow, that's an interesting read. Yeah, I'm aware that false positives have been a problem with AV since forever. But that situation described in the link is one of the most frustrating things I've read. All his files come up clean, but then he builds his program into the installer, and BAM: false positive. Makes no sense!
Originally Posted by Vaxx
And of course all these AV engines are basically a black-box to us -- we as software makers have no insight into what criteria they use to trigger these virus alerts.
I just downloaded the new Fusion 292.27 build, and created a new EXE of a blank frame. Microsoft Defender no longer flags blank Fusion apps as malware, but I'm still getting 18 false positives.
Most of the major AV programs read it as clean, but a few of the bigger ones (Avast, BitDefender, Kaperskey,AVG) reads it as malware. And a few are still picking up "Zusy / Key Logger".
What's frustrating though as a Fusion user is that unlike the blog you linked, I can't strip down my EXE's code to figure out what is triggering this stuff - because its already a blank MFA. I guess that's just he cost of ease-of-access, and not building one's program totally from scratch in C++ or something.
Regardless, having to convince people who download my EXE that there isn't a keylogger in it, is probably not very re-assuring to them.
These Anti-virus companies basically get to write the rules on who is a "legitimate" developer or not. The AV software we have available kinda sucks, but the alternative of using no AV isn't better. So we just have to deal with it. :/
Windows Security detects "Trojan: Win32 / Zpevdo.B" from "Thunderflash.exe".
My games have this problem. How can I fix It? :/
You can submit your EXE file as false positive to Microsoft so that they fix it in their next virus definition update: https://www.microsoft.com/en-us/wdsi/filesubmission
We've also submitted them some example files so that they fix it asap, this is a general issue with their anti-virus (and a few other ones, they must all use the same detection algorithms...).
Hi, today I uploaded all our games, now seems works fine! :D
Originally Posted by Yves