(Presumed) false positive detection of cryofall_compiler.exe

Started by Creat, March 16, 2018, 08:31:27 AM

Creat

Hello again,

wanted to load up Cryofall today to have a look at it, but when/after installing I got a virus detection alert from my scanner (WebRoot), see screenshots.
File location is apparently inside a zip-file (during extraction I assume), the full path is also attached.

I can now verify the game from the launcher, and it says it's fine. If I scan the folder, it's also fine. If I launch the game, scanner kicks in again and prevents the compiler from doing whatever it's trying to do and quarantines it again. Queue me having to re-verify and start again.

I've not white listed the file, but eventually it launched and I'm not in. Weird...

I don't know what the compiler is compiling, but as far as I understand it, especially when run 'interactively' virus scanners tend to listen closely (since it's a way to avoid signature detection). This might be a rather fragile construct, since you probably can't test every version against every virus scanner for every release (I assume).

Screenshots: https://imgur.com/a/1aTsS (https://imgur.com/a/1aTsS)

I'm off doing some gamin'
Creat

Lurler

Hm, did that happen during installation through the updater (AtomicTorch game launcher) or already when launching the game?

Edit:
And yes, there is no virus. It is obviously a false positive.

ai_enabled

Thanks for reporting!

https://www.virustotal.com/#/file-analysis/YjZjOGJmNjE2Y2JkMTA5ZDM4MzJkNDNkZGVlMWRkNTc6MTUyMTIxNTQ4OA==
0/63 as usual.
I'm testing it at least once every few versions.
It seems WebRoot is extremely suspicious...

Anyway, not much we can do against the possible false positive reports - we had the same issue with VoidExpanse sometimes.
Even if we buy an expensive code certification (EV) and sign the binary, it still might react as false positive and our code certificate might be revoked because of that (as some developers reported)... Though we definitely will get the certificate later, just in case.


CryoFall Compiler is an essential part of the game distributive - all the gameplay and UI related code ships with the game in an open source form. The game automatically compiles C#/XAML file and listens to the file system changes in order to recompile (live editing and hot-reloading of everything, including content such as textures and sounds).

Regards!