marzent / IINACT

A Dalamud plugin to run the FFXIV_ACT_Plugin in an ACT-like environment with a heavily modified port of Overlay Plugin
https://www.iinact.com
GNU General Public License v3.0

1.1 not self contained version triggers antivirus #42

Closed masanbol closed 1 year ago

masanbol commented 1 year ago

The 1.1 not self-contained version triggers antivirus protection, specifically identified as Trojan:Script/Wacatac. The standalone version does not. Screenshot attached.

Screenshot 2023-03-14 112420

marzent commented 1 year ago

This is most likely because of the Deucalion DLL injection.

Here is a VT scan of the release in question: https://www.virustotal.com/gui/file/cd91c033caf526b7f58800df6dc9a8aedc48c076e6747e31b604803cec4f35bc/detection

All of the hits are from some kind of generic ML algorithm (like "Gen:Variant."). If you are concerned about security feel free to compare the release to the CI build artifact.

The standalone version probably doesn't get flagged because it is more heavily packed (but executes the same code; showing just how bad most of these AV detections are).
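One way to do the release-versus-CI comparison suggested in the comment above, added here as an example that is not part of the thread or of the IINACT project. It hashes each file inside the two zip archives, because whole-archive hashes differ on timestamps alone; the file names and contents are constructed placeholders, and matching members assumes the release was produced by that CI run or by a deterministic build.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes: bytes) -> dict[str, str]:
    """Map each file inside a zip archive to the SHA-256 of its decompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if not info.is_dir():
                digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare_archives(release: bytes, ci_artifact: bytes) -> dict[str, list[str]]:
    """Report members that differ in content or exist on only one side."""
    rel, ci = member_digests(release), member_digests(ci_artifact)
    return {
        "only_in_release": sorted(rel.keys() - ci.keys()),
        "only_in_ci": sorted(ci.keys() - rel.keys()),
        "content_differs": sorted(n for n in rel.keys() & ci.keys() if rel[n] != ci[n]),
    }


def _make_zip(files: dict[str, bytes], date_time: tuple) -> bytes:
    """Build a constructed sample archive in memory (stand-in for a downloaded zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()


# Constructed sample data: hypothetical names and contents, not IINACT's real files.
FILES = {"plugin.dll": b"MZ-constructed-build-output", "manifest.json": b'{"version": "0.0.0"}'}
RELEASE_ZIP = _make_zip(FILES, (2023, 3, 14, 11, 0, 0))
CI_ZIP = _make_zip(FILES, (2023, 3, 13, 9, 30, 0))  # same content, other timestamps
ALTERED_ZIP = _make_zip({**FILES, "plugin.dll": b"MZ-other-bytes", "extra.dll": b"x"},
                        (2023, 3, 14, 11, 0, 0))

if __name__ == "__main__":
    # The archives are not byte-identical, yet every member matches.
    print("archives byte-identical:", RELEASE_ZIP == CI_ZIP)
    print("release vs CI:", compare_archives(RELEASE_ZIP, CI_ZIP))
    print("altered vs CI:", compare_archives(ALTERED_ZIP, CI_ZIP))
```

For real use, pass the bytes of the downloaded release zip and the downloaded CI artifact zip to `compare_archives`; any non-empty list is what needs a closer look.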

masanbol commented 1 year ago

I figured as much - thought you might want to be aware or put something in the readme about it. Thanks!

marzent commented 1 year ago

No worries, wasn't sure what you were asking originally in the issue. Work is underway to provide Dalamud-based network data, which should stop flagging IINACT itself as malware as well.