intiface / intiface-game-haptics-router

Application to route feedback from Windows Gamepads and VR Controllers to sex tech hardware
https://buttplug.io
Other
52 stars 9 forks

AV issue #36

Open RaskaSlaanesh opened 2 years ago

RaskaSlaanesh commented 2 years ago

AV Bitdefender labels one of the files during installation as malware, more specifically Trojan.GenericKD.38640302, and the file is IntifaceGameHapticsRouter\unins000.dat. It's weird, but probably a problem that should be looked into.

rbairwell commented 10 months ago

Windows Defender has just alerted (after download) of "PUA:Win32/Puwaders.C!ml" (Potentially Unwanted Software) in intiface-game-haptics-router-win-x64-v18-installer.exe->(inno#000025), and VirusTotal says 20 antivirus systems flagged it, mainly due to SharpMonoInjector.dll (which I'm guessing is used to inject the haptics routing into the game and hence modifies 3rd party software and hence causes the antivirus warnings).

Honestly, I'm not sure how this could be worked around bearing in mind it needs to be able to intercept and alter calls to gamepads to send them to Intiface...

qdot commented 10 months ago

Funny enough, we don't really use SharpMonoInjector for much other than fetching process info now. I'm currently trying to find a way to get rid of it.

Rather shocked it's not triggering on EasyHook, as that's what we actually use for injection right now.

blackspherefollower commented 6 months ago

Duplicate of #11?

VaporMoon commented 3 months ago

Windows immediately quarantined the v18 installer on hitting download as it claims to have detected Trojan:Win32/Tnega!MSR. The v17 installer downloaded and installed with no warnings. Built v18 myself and it's fine too. Intiface Central also gives no errors.

SkYScouter commented 3 months ago

Windows Defender is also not allowing me to download v18 of the GHR. Downloaded Intiface Central just fine.

qdot commented 3 months ago

I'm gonna start working on this today. May release a v19 that just kills SharpMonoInjector entirely, at the cost of meaning we won't be able to filter processes, but eh. I'm gonna be rebuilding the whole GHR anyways so it's a decent stopgap.

SkYScouter commented 3 months ago

Thank you @qdot for the reply, I'll keep a look out for v19! Also, does v17 of the GHR work with the latest version of Intiface Central?

qdot commented 3 months ago

@SkYScouter Yup it should, only new feature for v18 was UWP hooking, so it just works with more games.

qdot commented 3 months ago

@SkYScouter @VaporMoon Ok, v19 is up. The only change is that I built locally and signed using my new cert, so I can't really confirm that this won't end up tripping antivirus again, but we'll see.

https://github.com/intiface/intiface-game-haptics-router/releases/tag/v19

VaporMoon commented 3 months ago

@qdot v19 downloaded and installed without tripping anything.

qdot commented 3 months ago

It usually takes a day or two for Windows Defender to start getting mad, but I already threw the file through VirusTotal and it only got a couple of DllInject detections (which are valid), so we'll see what happens. Gonna leave this open for like a week longer, will close after that if I stop hearing reports.

This may also be the last version of the GHR in this form, I'm working on a new system that's a little more extensible. More info on that once it's slightly more baked though, it's not even in the oven yet. :3

SkYScouter commented 3 months ago

@qdot, yep, didn't trip at all for me. Was having a little trouble setting up Elden Ring with v17 so I'll try this. thx

moukimyr commented 1 month ago

Unfortunately, I just had v19 get flagged by Windows Defender, but I'm assuming it's fine to allow it anyways?

qdot commented 1 month ago

@moukimyr Yup. Not surprising that it happened. I just need to completely remove our process enumeration filtering code. :/