search

FrostySo / Ps4-Pkg-Sender

Sends pkg files to your ps4 remotely
85 stars 12 forks source link

Compilation failing - antivirus detection #8

Closed piterq closed 4 years ago

piterq commented 4 years ago

During compilation in Visual Studio file Ps4-Pkg-Sender\obj\Debug\Ps4-Pkg-Sender.exe is detected as virus . VirusTotal report: https://www.virustotal.com/gui/file/76941f8d0415d2f3c857137c6ae7b91a6e850e1cb0ecb0abcec8fcb3ff9a71e9/detection

piterq commented 4 years ago

That's unbelievable. Changing GUID in Project properties -> Assemby information solves the A/V detection problem! I've changed only 1 digit, so my GUID is: 184d45c2-8351-4b71-911e-a23a3b7a8fc8

FrostySo commented 4 years ago

Yea sorry, I don't have control over that. I used to obfuscate it and seems like Microsoft kept the same heuristic.

I'll change the GUID after the next push so it gets a fresh hash to prevent others from getting it. Thanks!

piterq commented 4 years ago

No problem, I just couldn't believe that antivirus engines (not just one) are working this way - they are checking GUID only instead of real antivirus check. BTW very good application (I've started writing similar one,, but your app already has more features). :)

FrostySo commented 4 years ago

I'm not sure that's all they do. But it probably plays a big part of it.

Most anti viruses aren't really smart, it's just a collection of manually flagged executables. But there are some automated bits that might prevent a basic virus from being run. But of course, that comes as a cost nowadays because it brings a lot of false positives to legitimate apps.

piterq commented 3 years ago

Here we go again... This time changing GUID doesn't help.

Your build: image

My build with changed GUID: image

I'm wondering what really causes this problem this time.

FrostySo commented 3 years ago

Here we go again... This time changing GUID doesn't help. I'm wondering what really causes this problem this time.

I'm not really sure what causes it. If I'd have to guess, connecting to localhost triggers the anti viruses. Could be something else but I'm not sure.

You could possibly ask Microsoft support about it. I don't know if they will reply or not.

Go check the code, nothing is malicious. I'd advise you to just ignore it.

Maybe you could try change the other ID's in the .sln file. I'm not sure if it'll break the solution file, so just be careful with what you change.

They could use these to bind it to compilation (not sure, really haven't checked about the inner workings of sln files) GlobalSection(ProjectConfigurationPlatforms) = postSolution {184D45C2-8351-4B71-911E-A23A3B7A8FC9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {184D45C2-8351-4B71-911E-A23A3B7A8FC9}.Debug|Any CPU.Build.0 = Debug|Any CPU {184D45C2-8351-4B71-911E-A23A3B7A8FC9}.Release|Any CPU.ActiveCfg = Release|Any CPU {184D45C2-8351-4B71-911E-A23A3B7A8FC9}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection