Virus scanners are right back to detecting Fusion-made EXEs as viruses already

[Yves]

Update: this is taking a bit more time than planned... hopefully new build will be available within 2 days.

[Outcast]

Sounds nice if there is possible to make this occur less often. I do get users from time to time in the Steam forums of my game that say they get my game detected as virus (and don't know how many get it but don't post about it). I find it strange though, I did a test for my game and it got detected by 5 virus programs. But Mcafee did not detect it as a virus. However I had a user on November 8 who had problems with the game being removed by Mcafee after playing for about 30 seconds. How come it is stated as non detected in my test but there is still user who have problem?

https://www.virustotal.com/gui/file/...cc48/detection

This was what he wrote: "i just bought the game and i wanted to play it. But my files got removed after playing for like 30sec. McAfee is claiming that theres malware. i tried to uninstall and installing again but it still removed the files. Any one know how to fix it or should i just get a refund."

[Yves]

>> How come it is stated as non detected in my test but there is still user who have problem?

Their virus definitions get updated every day, on day 0 your game may be undetected, on day 1 detected, on day 2 undetected again.

Note that most of those false positives are due to their heuristic engines, that detect viruses before they are known and that seem to get more and more complex as the time passes as they can't seem to be able to fix the problems immediately and definitely as before. Heuristic engines analyze what features a program uses (Windows API, etc), try to get virus signatures in the EXE, etc, and calculate a "possible malware score" based on this information, that will decide if they display an alert or not.

[Outcast]

>> How come it is stated as non detected in my test but there is still user who have problem?

Their virus definitions get updated every day, on day 0 your game may be undetected, on day 1 detected, on day 2 undetected again.

Note that most of those false positives are due to their heuristic engines, that detect viruses before they are known and that seem to get more and more complex as the time passes as they can't seem to be able to fix the problems immediately and definitely as before. Heuristic engines analyze what features a program uses (Windows API, etc), try to get virus signatures in the EXE, etc, and calculate a "possible malware score" based on this information, that will decide if they display an alert or not.

Ok thanks! One thing I also wonder is do it matter what extensions I have in the mfa and if that can trigger false positivess, even if they are not used in the actual .exe? For example I have a bunch of ios and android extensions in my mfa, but they are obviously not used in the .exe. Sometimes I also have extensions for debugging, but I remove all those events before building. Are they "filtered" out during the build of the .exe anyway or would it be better to remove all these unused extensions before i build my .exe?

[Yves]

If you want these extensions to be removed at build time when you build an EXE, you can delete their MFX files from the data/runtime/unicode folder. Fusion will display an alert message and won't include them. Though I don't think this is necessary as these extensions don't do anything suspicious and iirc there was never any alert about them.

[pl]

Bonjour,

Quand sera t-elle disponible la nouvelle mise à jour qui corrigera les problèmes de fausse alerte (antivirus) ?

Merci

[Yves]

Les modifs sont terminées, les tests sont en cours, elle devrait sortir d'ici un ou deux jours.

Question sémantique, la nouvelle mise à jour ne va rien "corriger" du tout, puisque le bug est chez les anti-virus, pas chez nous. Le code a été modifié en profondeur pour que les anti-virus ne détectent plus de concordances avec les fausses signatures de virus qu'ils détectaient et que leurs algorithme d'IA ne pensent pas qu'il s'agit d'une simple modification d'un virus existant et certaines fonctions de Windows que le runtime appelait et qui peuvent être utilisées par des virus (pour intercepter des messages système par exemple) ne sont plus appelées, on a essayé de faire différemment. J'espère que ça limitera le nombre de faux positifs, mais à mon avis plus le temps passe plus ce problème va devenir de plus en plus difficile à éviter. Rien qu'un exemple: prenez Visual Studio 2017, créez un nouveau projet à partir de leur modèle Windows Desktop Application (une simple application qui ne fait qu'afficher une simple fenêtre avec un menu), construisez l'EXE en mode Release et chargez-le sur Virustotal, => il est détecté par 4 ou 5 anti-virus comme contenant un malware...

[Patrice]

Est-ce que l'utilisation d'Install Creator permet de contourner simplement ces problèmes d'antivirus ?

[Yves]

Non, le moyen le plus sûr d'éviter ces problèmes, c'est de signer les EXEs qu'on crée avec un certificat (qui n'est pas gratuit). Et encore ça ne fonctionne pas toujours, contrairement à ce que prétendent les anti-virus, mais la plupart du temps ça fonctionne.