ValveSoftware / Source-1-Games

Source 1 based games such as TF2 and Counter-Strike: Source

Anti virus detects two files as infected #5620

Closed Abhishek-Patwal closed 3 months ago

Abhishek-Patwal commented 4 months ago

Upon installation two files have been detected to be infected, please take it up on priority. It leads to the game not being installed.

Koi-TF2 commented 4 months ago

This should be labeled as TF2

+1, Virustotal link for shadercompile.exe here: https://www.virustotal.com/gui/file/83fb94ef1accdc0071ef6221f8e5acf870a1df31ff26e04a8d58116402793911/detection

AwesomeCoder412412 commented 4 months ago

I've seen this issue quite a lot on Reddit. Here are some more details from one user in particular:

"Bitdefender is detecting the following when I update TF2 and moved these files to quarantine: The file D:\Steam\steamapps\downloading\440\bin\shadercompile.exe is infected with Gen:Variant.Lazy.390042

The file D:\Steam\steamapps\downloading\440\bin\vrad.exe is infected with Gen:Variant.Lazy.390042

At this time, personally, I am uninstalling TF2 until such a time that I know that these files are safe."

I am not this person, but I figured that this might be helpful.

Abhishek-Patwal commented 4 months ago

Should I ignore the threat and proceed to install the game? Too excited to play it.

Koi-TF2 commented 4 months ago

> Should I ignore the threat and proceed to install the game? Too excited to play it.

Assuming you are using BitDefender as your AV, which is what it looks like from your screenshots, then in order to download the game you would likely need to ensure that TF2's game directory folder location (user dependent) is added manually into the AV Exclusions list. Doing so should prevent the AV from repeatedly flagging these "infected" files, and allow you to correctly download and launch the game. These files are most likely completely safe and this is likely a case of false positive detection.

Abhishek-Patwal commented 4 months ago

Yeah, it worked after I did it :D

Joshua-Ashton commented 4 months ago

The issue with the TF2 x64 Update getting false-positived is really just that there were a few SDK tools in there that are not signed like the main game.

Building anything with modern MSVC triggers AV these days...

The vast majority of the false-positives go away when these tools are signed, as they are in the next update: https://www.virustotal.com/gui/file/a1323b34aae07605d572a496ecbfe3f50943e851f3d99441680dccee8ab65e3c/details

So hopefully that fixes the problem for you, when it drops.
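One way to check the signing status described in the comment above before adding any AV exclusion, as an added example (not code from this thread or from Valve). The install path is an assumption and `Get-BinaryTriage` is a hypothetical helper name; the lookup URL follows the VirusTotal link format used elsewhere in this thread.

```powershell
# Added example: report Authenticode status and SHA-256 for every
# executable and DLL under a folder, so flagged files can be judged
# individually instead of excluding the whole directory blindly.
function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Directory)

    Get-ChildItem -LiteralPath $Directory -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject   # empty when unsigned
                SHA256 = $hash
                Lookup = "https://www.virustotal.com/gui/file/$hash"
            }
        }
}

# Assumed path: replace with the bin folder of your own install.
$report = Get-BinaryTriage -Directory 'D:\Steam\steamapps\common\Team Fortress 2\bin'

# Files whose signature verifies, grouped by signer subject.
$report | Where-Object Status -eq 'Valid' |
    Group-Object Signer | Select-Object Count, Name

# Unsigned or failing files: look the hash up before trusting them.
$report | Where-Object Status -ne 'Valid' |
    Format-List File, Status, SHA256, Lookup
```

Comparing the SHA256 column between two machines also shows whether two detection reports refer to the same build of a file.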

Tiagoquix commented 4 months ago

@kisak-valve This has probably been fixed and can be closed since the latest update:

> Fixed an issue where the game would be falsely detected as malware by some anti-viruses

https://www.teamfortress.com/post.php?id=220446

Spewkwagen commented 4 months ago

> @kisak-valve This has probably been fixed and can be closed since the latest update:
>
> > Fixed an issue where the game would be falsely detected as malware by some anti-viruses
>
> https://www.teamfortress.com/post.php?id=220446

Just got hit with my Windows Defender flagging vrad.exe during Steam downloading the update. Identified as 'Trojan:Win32/Acll'.

NULLYUKI commented 4 months ago

> Just got hit with my Windows Defender flagging vrad.exe during Steam downloading the update. Identified as 'Trojan:Win32/Acll'.

@Spewkwagen Can you upload the file to Virustotal and share the result here?

I have uploaded the file now myself on Virustotal and the file is being flagged by one anti-virus software. https://www.virustotal.com/gui/file/76108989a6c195b918061b28fe6835179799c31494770e0978d987fc170b2cca

vpk.exe also has a false flag by an anti-virus software. https://www.virustotal.com/gui/file/a3a441db559887645b6d7588b5e7103151da39d8f881fe29bc17a86c1529ed01

steamerrorreporter.exe also has one false flag by an anti-virus software. https://www.virustotal.com/gui/file/f594323725f095f6a5536789d23c707ff1d9705da3597f7e11ee25e3b01698cc

demoinfo.exe also has one false flag by an anti-virus software. https://www.virustotal.com/gui/file/492a23174cff4d970eee8bebdd9f532e4efdac1ac788d7f4f6fcd347d7930844

Spewkwagen commented 4 months ago

Replying to https://github.com/ValveSoftware/Source-1-Games/issues/5620#issuecomment-2069118177

Uploaded my download of it to Virustotal

NULLYUKI commented 4 months ago

> Uploaded my download of it to Virustotal

Thank you! I'm quite confused why it has 11 flags while on my end it only received 1 flag.

kisak-valve commented 3 months ago

Closing per "Fixed an issue where the game would be falsely detected as malware by some anti-viruses" in the 2024-04-18 Team Fortress 2 update.