chrome, windows, and antivirus marks this as a virus #48

Open
4 tasks done
alectprasad opened this issue May 5, 2024 · 9 comments

@alectprasad

Checklist

  • I ensured I'm running the latest version of the patch, and that the issue is present in it if applicable
  • I have read the entirety of the FAQ section in the readme, and my question was not answered there, or was not answered sufficiently
  • I have run general troubleshooting steps (if applicable), such as restarting the PC/reinstalling Origin/whatever else is described in the FAQ, and they didn't help
  • I have checked existing issues (including closed ones), and there wasn't an existing issue pertaining to my problem (with possible solutions in the comments)

Your issue

just saying

@p0358
Owner

p0358 commented May 5, 2024

Windows Defender on latest definitions? I've sent the thing already twice to Microsoft for analysis and both times it was whitelisted... So idk what else I can do, if you use some other brand of antivirus, you can try finding their submission link and submit the installer exe and version.dll, they'll probably remove it from detections. Not sure what Chrome uses for scanning...

@levicki

levicki commented May 6, 2024

> Not sure what Chrome uses for scanning...

Regarding Chromium based browsers, if the user has disabled Safe Browsing they will be asked to confirm downloads of "dangerous" file types such as .dll.

Packing version.dll into version.zip on your Releases page would sort that out (assuming that's the problem).

As for antivirus, if you happen to have a code signing certificate, signing the file would help with antivirus reputation.

Unfortunately, ML driven crappy AV products will still flag it based on heuristics (they detect MinHook probably) so there isn't much else you could do.

@p0358
Owner

p0358 commented May 31, 2024

I have submitted the installer exe to Microsoft for analysis once again, we'll see what's the verdict after they get to it.
[image]
But their thing at the bottom says "No malware detected", so idk how right VirusTotal's Microsoft detection is. I could have pasted the VirusTotal link in the comments section in hindsight but welp. So not even sure if Windows flags it, and as for Chrome no idea where to even submit it for manual analysis...

@levicki

levicki commented May 31, 2024

😕 https://www.virustotal.com/gui/file/8845988dfc7ccd1ccf80d6ccb211e2aba2ce7bce75f252b73bf94480f1394fc5?nocache=1

Not a single respectable antivirus detects it.

All the ones that label it as malicious are using machine learning crap and rely on scaring people with false positives to make more sales.

Microsoft is kind of rightfully labeling it as hacktool/patcher (because it is).

TL;DR — Until ESET-NOD32 says it's dangerous you can ignore the warnings from noname antivirus vendors (and yes noname includes Avira and Avast crap).

@p0358
Owner

p0358 commented Jun 1, 2024

Yeah, it seems they uphold that

> These files are classified as potentially unwanted applications (PUA), and we have added detections for them to the next definition update of our PUA protection feature. The latest definition information is available here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus
>
> More detailed information about the approach and criteria categories currently used by the Microsoft researchers are available here: https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria
>
> Thank you for contacting Microsoft.

seems all I've achieved is them adding explicit signature detection for the file xD It is a patcher technically, but previously they've whitelisted it twice, so idk if it's a different analyst or they changed their policies. I could think the hacktool/patcher signature would be reserved for piracy patching tools, this one is to run legitimate app to access legitimate games, but welp. Seems not much can be done. I doubt packing into zip would help if Defender or whatever Chrome uses were to detect it, they'd be able to deal with a zip...

@levicki

levicki commented Jun 2, 2024

@p0358 You should not distribute a setup, just a zip file with version.dll in it.

@BLKBRDSR71

It's not the .dll that's the issue. I have the version.dll on my PC rn. I'm trying to get V3 of your program and Defender keeps stopping me from downloading it. I'm using the Brave browser. I was able to get v2 with no issue. Hope this helps.

Maybe it's time for a V4? 🤷‍♀️
Screenshot (8)

@levicki

levicki commented Jul 16, 2024

@BLKBRDSR71 If you have already run the installer in the past on that PC, then just download version.dll instead of the installer and overwrite the one in the Origin folder manually.
