3dfxdev / EDGE

EDGE Source Code
http://edge2.sf.net

antivirus alert - edgecrashreport.exe #52

Closed simc2 closed 6 years ago

simc2 commented 6 years ago

AVG stops downloading the EDGE-2.1.0-Test3-Win32.7z because of a suspected threat with the included edgecrashreport.exe. The same happens with the latest builds on the DRD team page.

https://www.virustotal.com/#/file/e08565e83cd1e2ebb4586e1bf15a93e72fb352e6e99c37df66c082c8bf383697/detection

It might be a false alarm but could something be done with it?

Corbachu commented 6 years ago

It's a false positive. The program comes from the Eternity Engine -- try downloading that port and see if you get the same result from their crash app (EDGE's is functionally identical). I build it under MSVC and all we have done is rewrite some textual lines.

Not sure how to handle this tbh. I don't get warnings from Windows Defender, nor Malwarebytes on my end. I use AVG TuneUp, but I don't actually use AVG or Avast anymore.

I wonder what could be causing that.

simc2 commented 6 years ago

Only that AVG blocks downloading the latest Edge versions totally.

After getting the 7z file and trying to extract the files, AVG moves edgecrashreport.exe into quarantine. This happens with edgecrashreport.exe (dated 2017-09-21 22:40) from these versions:

EDGE-2.1.0-Test3-Win32.7z

EDGE-2.1.0pre-313-g39864ea.7z

On virustotal.com, AVG, Avast and two more engines detect the file as positive (Win32:Evo-gen [Susp], Win32/Trojan.97a, Suspicious_GEN.F47V0926). But they give the all clear for edgecrashreport.exe (dated 2017-08-04 01:22) from 3DGE-2.1.0pre-291-g5d03749.7z

AVG doesn't alert for the Eternity eecrashreport.exe at all. In virustotal.com only one marks eecrashreport.exe unsafe for these Eternity versions:

Eternity-3.42.03a-213-g9966997.7z (eecrashreport.exe 2017-12-13 13:08)

Eternity-3.42.03a-45-g232cec3.7z (2017-09-08 12:08)

Eternity-3.42.02-27-g72ac2bd.7z (2017-07-23 12:20)

But nothing is detected from the file in the official version:

ee-3.42.03a-win32.zip (2017-05-04 23:24)

Corbachu commented 6 years ago

Hmm, I am not sure what could be causing the issue. Quasar mentioned that it is just a false positive thing, and my machine is not infected in any way -- so I'm unsure how to proceed. I'll see what changed with Eternity's crash program and upload a new devbuild in the near future.

Corbachu commented 6 years ago

@simc2 Going to pull Eternity's latest crash program and re-introduce fresh into EDGE. I'll post a devbuild when this has been done and you can test to see if AVG still mucks with it.

Corbachu commented 6 years ago

Closing for now, this issue is stale.