Avast reporting executable as malware - false positive, not sure what to do.

[J3sseM]

Hey guys!

So after 600 hours of work I was able to send out DISTRAINT for press and various youtubers.

You can imagine how stressful the situation is, and what made it worse is that people started reporting that the game fails to boot (missing executable).
It took me a little while to figure out why this happens, and it is indeed antivirus software, especially Avast flagging the .exe as malware. Yay!

Needless to say it's all clean and false positive. I can't submit the exe for Avast as they have 10mb limit, mine is 40mb. I've tried contacting them via twitter and opened a ticket but I'm not confident they'll do anything about the matter.

I'm going to release the game 21st and I can't even imagine the sh*t storm I will be pulled into unless this get's fixed before that.

So, fellow clickers and CT, any suggestions? Anything I could do at all? This is very nasty situation to be in as a small developer.

Thanks for reading!

Jesse

[faber]

Hi Jesse,
I would remove contents from your 40mb file to make its size less than 10mb, so that you can create a temporary new file and send it to Avast (https://www.avast.com/false-positive-file-form.php). You will want the new temporary file to have the same 'false positive problem' of the old one; to check this you could test the file with Avast itself or using VirusTotal File Uploader (https://www.virustotal.com/it/), which check your file with all common Antivirus programs (including Avast). Another possible advantage of this approach is that maybe you can isolate the source of the problem (i.e. a specific extension? some portions of code?) and maybe considering patching or removing it from the original file, if possible.
I believe that, once the problem with the 10mb file is fixed, the 40mb file will be fine as well.

I don't know if it can solve your problem, that's just what I would do in your situation

It would be nice to hear CT too on this matter (false positives), since it is a very important one.

[J3sseM]

Hey faber, thanks for the reply!

Indeed I tried with Virtustotal earlier, and only 2/56 scanners shows it as positive. So yeah it's most definitely false-positive.

I'm not very familiar how these works, but if I stripped down the exe to 10mb, wouldn't it have different hashtags etc? I mean what would connect it with the game's exe?
Or maybe they could locate the piece of code/extension or whatever it is, make it safe, and that would make my game safe as well?

If that would work then I'll most definitely try to strip it down and submit to Avast.

Cheers and thanks for the idea, that could actually work!

[J3sseM]

I stripped it down to 9mb and submitted to Avast.

Any idea how long it will take? Can't really afford to wait.

EDIT:
Guys I made a new application, inserted one single active object and created .exe from it. Uploaded to Virustotal and Avast is still showing it as malware.

Using the latest beta. This is shocking!

https://www.virustotal.com/fi/file/a...is/1445163658/

[colej_uk]

I had this problem last week with my game too
http://community.clickteam.com/threads/89683-Can-t-export-any-EXEs-(stdrtd-exe)/page2

I submitted a couple of reports- I found that it was actually flagging anything I compiled with fusion too, so I sent them a couple of examples.

My game's exe was also too big to send so I uploaded it to dropbox and sent them a file link via email.

During that time it was a panic as I had a decent chunk of users being told it was a virus. Potentially it's very damaging to reputations, and I'm still pretty worried it's going to happen again at some point.

The good news is that it seemed to stop flagging my game after about 24-36 hours- somebody at avast must of took notice. If this is still happening to people though, maybe they just added my game to a whitelist somewhere and haven't actually fixed the detection (or maybe my game will start getting flagged again soon, yay )

Seems like Avast are quite aggressive with their detections (I read they have more false positives than any other AV). Still, it's one of the biggest AVs, especially as it's free. Aside from sending them false positives there's not much we can do. Clickteam- I'd suggest reaching out to them too perhaps, if you haven't already? I know we shouldn't have to, but if fusion gets a reputation for triggering false positives, it's going to be a red flag against it for developers

[J3sseM]

Whoa speaking of coincidence! I was just looking trough that topic, that lead me into your profile and I was writing a PM to you colej_uk!

I'm happy to hear the problem went away for you! (at least for now) I hope it didn't do too much of a damage. I've opened a ticked with avast, sent the stripped .exe, asking in forums... Well, let's see how it goes.

I also got a "Thanks" email from a few quite big youtubers, so I feel like I might be missing my train here. But, I guess I just need to wait and keep my fingers crossed.

Would be awesome if CT could contact Avast about this. This is pretty huge problem if you ask me.

Thanks for the encouraging words colej_uk, and good luck with MegaCity, it looks awesome!

EDIT: Meant Concrete Jungle!

[J3sseM]

Need to bump this, just to make sure CT will take a look.

At the moment this is a huge problem, and will affect everyone that is making games with Fusion.
Especially those who are making games for living are compromised.

I'm losing potential exposure all the time, people are reporting "missing executable", game can't launch when Avast is deleting the executable.
Because of this they won't play the game (speaking of Youtube LP's) and when they don't play the game I'll lose exposure.

No exposure = No sales.

Two days to release.

[jn2002dk]

Agreed this is a major issue but i'm not even sure what CT can do about it

It's a result of an overzealous heuristic scanner in Avast which comes up with numerous false positives. Of course, the potential customer probably doesn't know this and so it hurts us and potentially CT

Sadly, with malware evolving past signature scanning, it seems this is the best the AV companies can come up with and in my humble opinion it's not a good solution

Is this affecting Steam downloads too?

I haven't used sub apps but i'm wondering if you could make a small launcher exe that launches the main game through the sub app object? To keep the exe size down so it's easier to submit to AV companies

[J3sseM]

At the moment it does not matter what your project will include, even an empty .exe will get flagged by Avast.

I was finally able to contact someone from Avast, he checked my file and it's all good. It will be "fixed" for the next update but he couldn't guarantee that it will stay that way unless I sign my files so he can whitelist me.

I told them that their scanner picks up even a blank application made with Fusion, that maybe they could do something about that? Heck, this should be CT's job, not mine.
But here's hoping something will change and other devs wouldn't have to go through this crap.

Anyways, all the devs that are reading this, try to take some time and read about signing the files. I'm gong to do it now. In the end it can make all the difference.

Cheers,

Jesse

[jn2002dk]

At least you got it sorted for now

Good luck with your release