-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows versions since 1.13 are falsely flagged as a virus #648
Comments
Sadly we don't know why - all we can do is mention on the release page. We got the program cleared on Windows Defender, maybe we could submit to Google too.. |
Pulled the redirected url The file is being flagged by both Anity-AVL and URLQuery. One as malicious and the other as Suspicious. As for why, it does not give the details. |
Carbon Black Cloud also blocks the exe. "Barys is suspected malware and was blocked" |
Maybe the source code is clean but the build tools used to make official release are not and introduce malicious byte code ? As a test, has it been build on a new Windows PC with freshly installed build tools ? |
The build uses Github actions, so we're assuming that environment is virus free and secure. I suspect that the changes made to support multiple variants is the cause of the false detection . The variant code manipulates pointers which perhaps is a pattern also used by some malware. My knowledge in this domain is very limited. |
Someone could speculatively try a different optimization setting sent to mingw32-make SYSTEM=WINDOWS BrogueCE-windows in the build.yml Perhaps -O3 or -O2. I saw a stack overflow answer that suggested that solved their issue. It makes sense, it might rearrange the bytes enough that whatever heuristic the virus checker is using doesn't trigger. |
Ah, thanks for looking into it - we already build with -O2, though I suppose it's worth a try to change it to 1 or 3. Interestingly, the poster of that SO thread resolved the problem by using a different mingw (presumably mingw-w64 instead of the original one?) I have no idea which we use - I think the one pre-installed on the Actions runners, which might be the old one, so maybe I should finally get around to updating the build to use MSYS2 with latest mingw-w64... |
These are the options: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html You could try -Oz or -Os Presumably it's being flagged either because of a false positive in the data matching a pattern, or it trying to use instructions deemed unsafe. |
Blocked on firefox too as of now. |
@Fixer-007 Which Brogue version? Could you post a screenshot of what the error/warning looks like? |
Virustotal is reporting it Also, you could make it a part of CI I also checked Mac and Linux builds, the are fine. I checked the file from the build: https://github.com/tmewett/BrogueCE/actions/runs/11654463139 and it's clean. How exactly files on the release page are created? |
The text was updated successfully, but these errors were encountered: