mogzol / BrawlBuilder

The Ultimate Super Smash Bros Brawl ISO Builder
MIT License

Virus Total #12

Open TherealBacowski opened 3 years ago

TherealBacowski commented 3 years ago

So I VirusTotalled this software and an engine called [Malicious.high.ml.score] popped up. Here is the link that has the scan in it. Just curious if this is harmful or just a false positive, because nobody has reported issues like viruses or malware to do with this software yet.

https://www.virustotal.com/gui/file/aee3a15b4ff66949f2fccb38462fed3535ec0a76f00c6193e12304e7773bd57d/detection

mogzol commented 3 years ago

Apparently that means that Trapmine's machine learning AI thinks that something in BrawlBuilder looks like a virus. It's a false positive, but feel free to look through the code or compile it yourself, I can assure you there's nothing malicious in there. Going to leave this issue open so it's easy for other people to see though.

TherealBacowski commented 3 years ago

That was quick. I don't know much about compiling, but I'll ask a friend who knows a lot more than me to verify.

mogzol commented 3 years ago

Just re-ran the scan and the Trapmine result is gone (maybe VirusTotal stopped using them?) but it is detected by "SecureAge APEX" and (sometimes) "MaxSecure". Those are both pretty unheard of virus programs and the fact that no other programs detect anything means you can pretty safely assume it's a false positive.

For the record, I tried submitting an empty Windows Forms App (BrawlBuilder is built using Windows Forms) and got the exact same results, so I doubt there's anything I can do to fix it; they seem to flag pretty much any .NET WinForms app, even ones that do nothing. Here are the steps to try it yourself if you're curious:

  1. Start Visual Studio 2019
  2. Create a new Project
  3. Choose "Windows Forms App (.NET Framework)"
  4. Name it whatever, change the Framework to ".NET Framework 4" (this is what BrawlBuilder uses)
  5. Click "Create"
  6. At the top of the window change the "Debug" dropdown to "Release".
  7. Open the "Build" menu along the top, choose "Build Solution"
  8. Submit the built .exe to VirusTotal (it'll be in the project directory, under the "bin/Release" folder)

After doing that and submitting to VirusTotal, I get the same results that the BrawlBuilder scan returns, even though this program does nothing but open up an empty window: https://www.virustotal.com/gui/file/cc46eff73a3c0aa8c144f41c672ba4e5217aefb47ccc5ece1a5c6e5ab04aab48/detection

Note that sometimes the MaxSecure result will show up there, sometimes it won't, no clue why. Seems to happen more often if I add a label or some other control to the form. Either way, it's definitely not actually a virus, and I'd assume that since these antivirus programs are saying that this empty application is a virus, that's also why they're saying BrawlBuilder is a virus.
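
The control experiment described in this thread (an empty WinForms build scanned next to the real binary) amounts to a set difference over the scan reports. The following is an added example, not part of the original issue or the BrawlBuilder project; it assumes reports shaped like VirusTotal API v3 file objects (`data.attributes.last_analysis_results`), and every verdict, label and the placeholder names `EngineA` to `EngineC` are constructed.

```python
# Added example: baseline-differencing of scan verdicts (constructed data).
FLAGGED = {"malicious", "suspicious"}
# Categories where an engine returned no verdict; excluded from the ratio.
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def _results(report):
    return report["data"]["attributes"]["last_analysis_results"]


def flagged_engines(report):
    """Names of the engines that flagged the file in this report."""
    return {n for n, r in _results(report).items() if r.get("category") in FLAGGED}


def triage(target, baseline_runs):
    """Split the target's detections by whether a baseline scan shares them.

    Baseline runs are unioned because an engine may flag the empty
    control build only intermittently between rescans.
    """
    hits = flagged_engines(target)
    baseline = set()
    for run in baseline_runs:
        baseline |= flagged_engines(run)
    voted = [n for n, r in _results(target).items()
             if r.get("category") not in NO_VERDICT]
    return {
        "explained_by_baseline": sorted(hits & baseline),
        "needs_review": sorted(hits - baseline),  # flagged only on the target
        "ratio": f"{len(hits)}/{len(voted)}",
    }


def make_report(verdicts):
    """Build a constructed report from an {engine: category} mapping."""
    return {"data": {"attributes": {"last_analysis_results": {
        name: {"category": cat,
               "result": "constructed-label" if cat in FLAGGED else None}
        for name, cat in verdicts.items()}}}}


# Constructed sample: the real binary plus two rescans of the empty control app.
CLEAN = {"EngineA": "undetected", "EngineB": "undetected"}
TARGET = make_report({"SecureAge APEX": "malicious", "MaxSecure": "malicious",
                      "EngineC": "timeout", **CLEAN})
BASELINE_RUNS = [
    make_report({"SecureAge APEX": "malicious", "MaxSecure": "undetected", **CLEAN}),
    make_report({"SecureAge APEX": "malicious", "MaxSecure": "malicious", **CLEAN}),
]

if __name__ == "__main__":
    print(triage(TARGET, BASELINE_RUNS))
```

An empty `needs_review` list means every engine that flags the target also flags the do-nothing control build; any name left in that list is a detection the control does not account for.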