exe anti-virus false positives

Printable View

20th December 2015, 07:22 PM
Ziplock

exe anti-virus false positives

In this thread, Danny has the following solutions to getting users to stop getting false positives from their anti-virus software:

1) Uncheck compress the runtime
2) Sign it
3) Trusted installer
4) "Don't let people download your exe directly from your website, that is bound to hit roadblocks along the route (ie: google flagging as unsafe after downloading), Windows defender flagging up a suspect executable that doesn't appear to be a common 'install file'."

Well, if I can't upload it to my website, where should I put it? Is he talking about gamejolt or mediafire or something?

And is this the exhaustive list, or does anyone else have any ideas? There's never really much talk about getting around people's strict anti-virus softwares.
21st December 2015, 02:42 PM
jn2002dk

You could also scan your exe with VirusTotal and then make a false flag report with each AV vendor that flags it as malware. You would have to do this every time you update your games though

I will try to refrain from going on a rant about how terrible the heuristic scan approach is but this topic pops up regularly because developers are the ones who gets hurt by it

As for point 4 i can't speak for Danny but getting your game on known sites and portals such as Steam, GOG, Direct2Drive etc will certainly alleviate a lot of the hassle with AVs
21st December 2015, 06:01 PM
Ziplock

Hey, thanks. Submitting my own flag report is a great idea! But this is going to be a free fan-game. Think game-jolt is a good one?
21st December 2015, 06:59 PM
advaith

I ran 2 of my programs through VirusTotal.

My Configuration: Zips containing program Exes upload to my Google site.

Both of them are marked as malware by DrWeb, Qihoo-360, Rising, and Zillya, and are clean for all other antiviruses.

I did not Uncheck Compress the Runtime, what are the differences between checked and unchecked other than antiviruses?
21st December 2015, 07:30 PM
advaith

I sent false positive reports to Dr. Web and 360 total security. It seems that Rising has a problem with false positives, and their website seems to have been shut down.
21st December 2015, 07:31 PM
happygreenfrog

Pretty much, you should just un-check it in the future, because the benefit (a slightly smaller exe file, maybe a megabyte or two (for the exact amount, make a blank MFA file, and compile it twice, once with the setting, once without, and subtract the file size of the smaller one from the file size of the larger one)) is far outweighed by the penalties (due to the way the setting works, virus scanners WILL go berserk over it, since extracting and EXE file from inside an EXE file is EXACTLY the sort of thing a virus would do, and it may even result in slightly longer loading times when first starting up the game on top of all that).
21st December 2015, 07:41 PM
advaith

This is weird: I just created a new app in Fusion, and Compress the Runtime is unchecked!

Maybe it is unchecked in the other apps too, I'm not sure.
21st December 2015, 07:43 PM
Ziplock

I think it used to default to checked in mmf2, but in cf2.5 it's unchecked.
21st December 2015, 08:48 PM
advaith

oh, so then I have to check it, because one was originally created in MMF2 but the other was created in cf2.5 (I think).
25th December 2015, 04:23 PM
jn2002dk

Quote:

Originally Posted by Ziplock

Hey, thanks. Submitting my own flag report is a great idea! But this is going to be a free fan-game. Think game-jolt is a good one?

I've never used game-jolt so hopefully someone with experience with it can chime in
25th December 2015, 10:37 PM
aenever

Game Jolt is super easy to upload your games to. I think it's great.