Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

AppGameKit Classic Chat / Symantec Antivirus detecting trojan in the AGKCompiler.exe

Author
Message
MarcoBruti
12
Years of Service
User Offline
Joined: 20th Nov 2011
Location: Caput Mundi
Posted: 24th Dec 2017 10:41
Link
Hi all,
I am using now AGKv2 on a Windows 7 PC with Symantec Endpoint Protection.
The compiled .exe app is quarantined with WS.Reputation.1 Risk, while the AGKCompiler.exe is quarantined with Trojan.Gen.9 Risk.
Is it normal? Is there a way to avoid this inconvenience without disabiling the anti-virus.
Merry Christmas to everybody, especially to The Game Creators Team!
Back to top
Profile PM Email Website
Markus
Valued Member
20
Years of Service
User Offline
Joined: 10th Apr 2004
Location: Germany
Posted: 24th Dec 2017 22:27
Link
i have g data antivirus and it said nothing.
you should at least compare the exe checksum with a other pc and fresh download.
its possible to put this exe exception on a whitelist.

yes, merry christmas.
AGK (Steam) V2017.12.12 : Windows 10 Pro 64 Bit : AMD (17.12.1) Radeon R7 265 : Mac mini OS High Sierra (10.13)
Back to top
Profile PM Email
puzzler2018
User Banned
Posted: 24th Dec 2017 22:32
Link
I write C all day long in my work and never encountered such behaviour -maybe TGC put something in that your virus scanner doesnt like .

like registry / file changes

Yeah - pop it in your white list in your scanner app
Back to top
Profile
nz0
AGK Developer
16
Years of Service
User Offline
Joined: 13th Jun 2007
Location: Cheshire,UK
Posted: 26th Dec 2017 02:54
Link
Yea, well your system may already be infected with something.
Other than that, perhaps TGC should register their player app with the AV vendors each release just to be sure.
My Robotron remake
My I,Robot remake WIP
My Defender remake
AGK WadPacker - Protect your Media!

Back to top
Profile PM Email Website
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 29th Dec 2017 10:21
Link
I have advanced system care and it has just alerted me to Tier1 AGKCompiler.exe being a trojan threat.... gen:variant.barys.58055..... Is it safe to whitelist.... could TGC respond please.
Back to top
Profile PM Email Website
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 29th Dec 2017 10:23
Link
Sorry, should have added, AppGameKit version installed is 2017.12.12
Back to top
Profile PM Email Website
MarcoBruti
12
Years of Service
User Offline
Joined: 20th Nov 2011
Location: Caput Mundi
Posted: 29th Dec 2017 14:07
Link
@nz0 my PC is not infected, the AV is always updated and I generally pay attention when opening executables or attachments.
Unfortunately I have not been able to restore it, it has been deleted and that's all, let's wait for next update.
BTW, this is a problem with Symantec on a PC with Windows7, with Mcafee on another PC Windows 10 (that I use as development computer) I have no issues.
The best AV is Kaspersky, but Trump had banned it.
Back to top
Profile PM Email Website
puzzler2018
User Banned
Posted: 29th Dec 2017 14:10
Link
Isnt there any settings in the Symantec somewhere when it sees a potential bogus virus alert to quarenteen it instead of deleting it

Back to top
Profile
Cybermind
Valued Member
21
Years of Service
User Offline
Joined: 28th Nov 2002
Location: Denmark
Posted: 29th Dec 2017 20:31
Link
Yesterday, my Bitdefender popped up and said agkcompiler.exe for Tier 1 was infected. It had been running fine for a while, I have not updated AGK2 recently. A scan on virustotal.com tells me that some AVs think it is some barys malware. Maybe a new malware is out and some AVs mistake some similarities in agk for this malware.
13/0
Back to top
Profile PM Website
Bengismo
6
Years of Service
User Offline
Joined: 20th Nov 2017
Location: Yorkshire, England
Posted: 29th Dec 2017 21:24
Link
I have NOrton Internet Security and it flags the AGKCompiler.exe and deletes the file automatically!!

Theres something about the norton antivirus that really doesnt like it. I have whitelisted my AppGameKit folder now and it works fine.
Back to top
Profile PM
Markus
Valued Member
20
Years of Service
User Offline
Joined: 10th Apr 2004
Location: Germany
Posted: 29th Dec 2017 23:06
Link
today my gdata make also alarm
Virus: Gen:Variant.Barys.58055 (Engine A)
Datei: AGKCompiler.exe
Verzeichnis: X:\Steam\SteamApps\common\App Game Kit 2\Tier 1\Compiler
Prozess: gspawn-win32-helper.exe
AGK (Steam) V2017.12.12 : Windows 10 Pro 64 Bit : AMD (17.12.1) Radeon R7 265 : Mac mini OS High Sierra (10.13)
Back to top
Profile PM Email
xCept
21
Years of Service
User Offline
Joined: 15th Dec 2002
Location:
Posted: 30th Dec 2017 02:45
Link
Malwarebytes is doing the same. It completely deletes the compiler.exe so nothing can be ran or tested. For a long time it wasn't even alerting me that it was quarantining the file so I kept reinstalling AppGameKit until I finally saw a notice about it. I added the AppGameKit directory to my exclusions but this should certainly be checked into by TGC.

It actually is flagged as malware and a Trojan virus by many virus scanners:

- Arcabit
- Emsisoft
- F-Secure
- Max
- TrendMicro
- BitDefender
- eScan
- GData
- Symantec
- Malwarebytes

Back to top
Profile PM Email Website
puzzler2018
User Banned
Posted: 30th Dec 2017 02:52
Link
Would we all agree thats its the compiler thats triggering it, I wouldnt like to see that customers who download and playing Windows apps for example and with these AVs reporting issues) finding that customers are not been able to play any cause not installing properly cause of it - cause the players is doing the same, is it compiler only or the player after compilation

I should have been in bed 7 hours ago so forgive my wordings - am knackered


Back to top
Profile
xCept
21
Years of Service
User Offline
Joined: 15th Dec 2002
Location:
Posted: 30th Dec 2017 03:02
Link
I just scanned an EXE project binary compiled with latest AppGameKit and it did not get flagged as anything malicious (including by any of the 70 scans from Virus Total).

So, it does seem confined to the compiler itself but that still needs to be addressed since many users will be unable to compile their own projects and receive virus warnings when using AGK.
Back to top
Profile PM Email Website
CyberGamer
AGK Gold Backer
11
Years of Service
User Offline
Joined: 11th May 2012
Location:
Posted: 30th Dec 2017 09:06 Edited at: 30th Dec 2017 11:20
Link
I concur with xCept ,MalwareBytes doe seem to target only AppGameKit compiler.
I have also used MalwareBytes exclusions to stop deletions.

It looks like it's not just the AppGameKit compiler ,it's also deleted the Visual Editor exe as well.
Amd Quad Core FX-4350 4.2GHz,GTX550Ti 1GB GDDR5,16GB DDR3
Windows 10 Pro 64Bit
Back to top
Profile PM
Markus
Valued Member
20
Years of Service
User Offline
Joined: 10th Apr 2004
Location: Germany
Posted: 30th Dec 2017 10:08
Link
seems the anti virus message is gone.
today i updated the compiler.exe from steam and i can start normal. both had the same crc32 checksum.
AGK (Steam) V2017.12.12 : Windows 10 Pro 64 Bit : AMD (17.12.1) Radeon R7 265 : Mac mini OS High Sierra (10.13)
Back to top
Profile PM Email
Markus
Valued Member
20
Years of Service
User Offline
Joined: 10th Apr 2004
Location: Germany
Posted: 30th Dec 2017 22:39 Edited at: 30th Dec 2017 22:45
Link
i am very confused, now i had clicked compile and got again a warning^^
but in the morning not.

info about "Prozess: gspawn-win32-helper.exe"
The Gimp Team
Third-Party Software
AGK (Steam) V2017.12.12 : Windows 10 Pro 64 Bit : AMD (17.12.1) Radeon R7 265 : Mac mini OS High Sierra (10.13)
Back to top
Profile PM Email
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 31st Dec 2017 19:40
Link
I can confirm that I raised this with TGC and they are looking into over the next few days. All being well, we'll get an update here to advise if the compiler is safe and we can then whitelist it.
Back to top
Profile PM Email Website
dominique95
6
Years of Service
User Offline
Joined: 1st Jan 2018
Location:
Posted: 1st Jan 2018 20:56
Link
Hi,
Same alert with Bit defender on a laptop with Windows 10.
In File's properties, there's no Security info.
White list was the solution with previous versions (Monkey 1 2, CerberusX , Blitz, Blitzmax too) .
But the latest version (from TGC site) goes to quarantine directly.
Back to top
Profile PM
Mobiius
Valued Member
21
Years of Service
User Offline
Joined: 27th Feb 2003
Location: The Cold North
Posted: 2nd Jan 2018 08:45
Link
I get the same issue with AGKCompiler.exe on my windows 10 work laptop.

Even though I whitelisted the file the last time it was flagged as a virus and deleted, it still did it when AppGameKit was last updated.

I'm running symantec endpoint protection.
Click here for VR Legend of Zelda stuff
Back to top
Profile PM Email Website
Paul Johnston
TGC Developer
21
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 2nd Jan 2018 12:41
Link
I have submitted a sample to F-Secure for them to have a look at, I'll let you know what they say.
Back to top
Profile PM Email
Xaron
9
Years of Service
User Offline
Joined: 3rd May 2014
Location: Germany
Posted: 2nd Jan 2018 13:02
Link
Those anti virus heuristics often go insane. I have this issue with quite some other software as well including own developed things.
Back to top
Profile PM Website
Conjured Entertainment
AGK Developer
18
Years of Service
User Offline
Joined: 12th Sep 2005
Location: Nirvana
Posted: 2nd Jan 2018 13:18 Edited at: 2nd Jan 2018 13:31
Link
Quote: "White list was the solution with previous versions (Monkey 1 2, CerberusX , Blitz, Blitzmax too) .
But the latest version (from TGC site) goes to quarantine directly."

Quote: "Those anti virus heuristics often go insane. I have this issue with quite some other software as well including own developed things."

Well, if there is no trojan (and I know there is not), then they should be held responsible for the lie.

Telling consumers that a product is not safe to use when in fact it is no threat at all, is more than misleading... it damages the reputation of the product and has a negative effect on its future sales.

Everyone else has to pay for their mistakes, and they should too, especially when their mistake not only causes financial losses to the developer of the software, but also denies the user access to the software they need.

Would it be okay for me to advertise that their anti-virus software is a scam???

They wouldn't like it at all I am sure, and would want to sue me, even though the statement is the truth.

I still believe that most of the malware and viruses out there were developed by the anti-virus companies in order to create a need for their product, and these false reports on safe software accomplish the same thing without the risk of them being caught red handed of the old method of creating the viruses themselves.

I'm onto you suckers, and have been since the start!!! ( just like that fruity company that created viruses to attack IE vulnerabilities)

Coding things my way since 1981 -- Currently using AppGameKit V2 Tier 1
Back to top
Profile PM Website
Xaron
9
Years of Service
User Offline
Joined: 3rd May 2014
Location: Germany
Posted: 2nd Jan 2018 14:04
Link
Actually most antivirus software is scam indeed. They often drive crazy for harmless stuff and suck when a real threat comes. I always have those "trojan" warnings for harmless software like from TGC. I get it sometimes for self compiled stuff from visual studio as well.
Back to top
Profile PM Website
Paul Johnston
TGC Developer
21
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 2nd Jan 2018 17:36
Link
F-Secure have confirmed that the AGKCompiler.exe file is clean and the false positive will be fixed in an upcoming database update. They suggest code signing may help with establishing reputation for our files, so we'll try that with the next version. If your anti-virus is detecting a virus on this file please submit it to them as a false positive.
Back to top
Profile PM Email
Rich Dersheimer
AGK Developer
14
Years of Service
User Offline
Joined: 1st Jul 2009
Location: Inside the box
Posted: 2nd Jan 2018 22:40
Link
Here's what I did - I turned SEP off for 15 minutes, installed AGK2, went to the compiler, right clicked it, then chose Symantec Endpoint Protection Client>File Insight. I was able to set the file as trusted from there.

I believe SEP quarantines the compiler because it is a new .exe with very few installs. The heuristics don't trust it.
Back to top
Profile PM Email
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 3rd Jan 2018 15:41
Link
Quote: "If your anti-virus is detecting a virus on this file please submit it to them as a false positive."


Thanks Paul, appreciated.
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-04-16 05:37:46
Your offset time is: 2024-04-16 05:37:46