User Tag List

Page 1 of 4 1 2 3 ... LastLast
Results 1 to 10 of 37

Thread: How to prevent fusion games to be detected as virus?

  1. #1
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleUniversal Windows Platform Export ModuleSWF Export ModuleXNA Export Module
    Outcast's Avatar
    Join Date
    Jan 2011
    Location
    Sweden
    Posts
    3,156
    Mentioned
    9 Post(s)
    Tagged
    0 Thread(s)

    Exclamation How to prevent fusion games to be detected as virus?

    I have got reports of this problem for a while on Steam that my games are detected as virus on many users virus programs. Lately it seems to have rammped up though and I think it is because Mcaffee is now reporting it as a virus: https://www.virustotal.com/#/file/08...9786/detection

    What can be done to prevent this from happening? I know it is a problem on other fusion games on Steam also so I don't think it is something specific I am doing in my game.

  2. #2
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCiOS Export ModuleInstall Creator Pro
    Julian82's Avatar
    Join Date
    May 2012
    Location
    outbuddies.com
    Posts
    945
    Mentioned
    47 Post(s)
    Tagged
    0 Thread(s)
    I think you can't avoid this unless you code-sign your apps. And even then you can still get false positives. I've bought a certificate from the reseller Ksoftware last year. They offer good prices for Comodo certificates which are accepted by most antivirus scanners.

    Once you buy a certificate you've to go through a process called face-to-face validation, which is essentially paying a lawyer to validate a couple of private documents from you that are demanded by the Comodo team. This step can be quite expensive (for me it was around 350 USD), but you only have to do this process once.

    Once you are approved as a human by Comodo you can download your certificate and export it as a .pfx file. K-Software offer an easy tool called K-Sign. You basically load both your .exe and your certificate with it, sign your app and you're done. Pretty easy but the expenses of the whole process really suck...

    I personally think Steam should provide approved devs a free certificate that avoids issues like this.

  3. #3
    Clickteam Clickteam
    Danny's Avatar
    Join Date
    Aug 2007
    Location
    United Kingdom
    Posts
    3,008
    Mentioned
    21 Post(s)
    Tagged
    2 Thread(s)
    Yes, if you're publishing on a serious level (for Windows) you will need to sign your applications. It's the exact enforcement Google and Apple already adhere to for all app publishing. Windows also follows this rule. You may still get false positives but nothing near like the existing numbers and it's much easier for the AV companies to see your app digitally signed.
    Want to learn Clickteam Fusion 2.5?




  4. #4
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleInstall Creator Pro
    twister's Avatar
    Join Date
    Jan 2007
    Location
    Pacific Northwest USA
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi, does fusion 2.5 pro sign the exported exe file using the about properties, or is there another process that Windows requires to digitally sign the exe?

  5. #5
    Clickteam Clickteam
    Danny's Avatar
    Join Date
    Aug 2007
    Location
    United Kingdom
    Posts
    3,008
    Mentioned
    21 Post(s)
    Tagged
    2 Thread(s)
    There is no method in Fusion. You compile your executable and then use 3rd party tools to encrypt the certificate into the file...
    Want to learn Clickteam Fusion 2.5?




  6. #6
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleUniversal Windows Platform Export ModuleSWF Export ModuleXNA Export Module
    Outcast's Avatar
    Join Date
    Jan 2011
    Location
    Sweden
    Posts
    3,156
    Mentioned
    9 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Julian82 View Post
    I think you can't avoid this unless you code-sign your apps. And even then you can still get false positives. I've bought a certificate from the reseller Ksoftware last year. They offer good prices for Comodo certificates which are accepted by most antivirus scanners.

    Once you buy a certificate you've to go through a process called face-to-face validation, which is essentially paying a lawyer to validate a couple of private documents from you that are demanded by the Comodo team. This step can be quite expensive (for me it was around 350 USD), but you only have to do this process once.

    Once you are approved as a human by Comodo you can download your certificate and export it as a .pfx file. K-Software offer an easy tool called K-Sign. You basically load both your .exe and your certificate with it, sign your app and you're done. Pretty easy but the expenses of the whole process really suck...

    I personally think Steam should provide approved devs a free certificate that avoids issues like this.
    I doubt many small indies go through these steps with a lawyer, and there seems to be something in Fusion built games that trigger more virus programs to detect the exe as a virus than other engines. I have checked a bunch of very small indie games on Steam that I am sure do not go through any such procedure and they are mostly completely clean or have at most 1 false positive. When I check different Fusion games though that are on Steam most of them have about 5-6 false positives.

  7. #7
    Clicker Fusion 2.5 Developer
    Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Fusion 2.5+ DLC (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)iOS Export Module (Steam)
    J3sseM's Avatar
    Join Date
    Feb 2013
    Location
    Finland
    Posts
    868
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Time for CT signing services! 100$ per game, perhaps?
    Such thing doesn't exist but I'd probably use service like that.

  8. #8
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCiOS Export ModuleInstall Creator Pro
    Julian82's Avatar
    Join Date
    May 2012
    Location
    outbuddies.com
    Posts
    945
    Mentioned
    47 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Outcast View Post
    I doubt many small indies go through these steps with a lawyer, and there seems to be something in Fusion built games that trigger more virus programs to detect the exe as a virus than other engines.
    I doubt this too Even well-known devs like Brash Monkey (Spriter) still distribute unsigned .exe. Having to go through this process was a very unpleasant surprise to me. It felt like "Well, you bought this license from us... but we can't trust you, sorry. You also have to pay a laywer to convince us." At first I got very angry about this, as I had provided a lot of private documents about my business, but Comodo insisted on these documents getting validated. If you've run a well known successful software business before you probably can avoid this, but I'm unknown and located outside of the US, so from their point of view demanding this process is probably reasonable. The costs for laywers will also differ a lot depending on your location, in Germany they're (unfortunately) extremely expensive.

    I also checked back with Comodo about these issues, as my apps were still tackled by some scanners although I had signed them. They told me that next to having signed an app also the install base of a software is put into the account. If a software is frequently downloaded and has a huge install base without reported troubles, most scanners as well as Windows defender will trust it.

    Signing your code has some additional benefits though, despite having better chances with the virus scanners. It's like a seal, so if someone decompiles or manipulates your .exe in any way there's no change to re-distribute it under your flag. This will essentially protect you from lawsuits if this manipulated software should cause some people trouble and they try to sue you as the developer. I know this is a nightmare scenario that will probably never happen, but if it happens and you've not prepared yourself you're doomed.

    I think the idea of J3sseM is actually really good. Anyway, in this case, CT would be responsible for any software that is distributed under CT's flag and I doubt they have the resources to validate all the demands and check our apps This process could be outsourced to a group of trustet and known forum members/moderators though.

  9. #9
    Clickteam Clickteam
    Danny's Avatar
    Join Date
    Aug 2007
    Location
    United Kingdom
    Posts
    3,008
    Mentioned
    21 Post(s)
    Tagged
    2 Thread(s)
    I have followed this up with some additional thoughts and ideas - https://clickfusion.academy/prevent-...gs-fusion-2-5/
    Want to learn Clickteam Fusion 2.5?




  10. #10
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleUniversal Windows Platform Export ModuleSWF Export ModuleXNA Export Module
    Outcast's Avatar
    Join Date
    Jan 2011
    Location
    Sweden
    Posts
    3,156
    Mentioned
    9 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by J3sseM View Post
    Time for CT signing services! 100$ per game, perhaps?
    Such thing doesn't exist but I'd probably use service like that.
    I would also use it!

    Is it possible Fusion 3 built apps would be less prone to false positive detection?

Page 1 of 4 1 2 3 ... LastLast

Similar Threads

  1. Replies: 2
    Last Post: 28th August 2015, 07:45 PM
  2. Replies: 2
    Last Post: 3rd May 2015, 04:08 AM
  3. Game detected as a virus
    By dougf in forum Multimedia Fusion 2 - Technical Support
    Replies: 18
    Last Post: 1st March 2011, 04:29 PM
  4. INST.$$A detected as virus by McAfee!?
    By DoMi in forum Multimedia Fusion 2 - Technical Support
    Replies: 15
    Last Post: 7th October 2010, 04:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •