AppGameKit Chat / Symantec Antivirus detecting trojan in the AGKCompiler.exe

MarcoBruti
6
Years of Service
User Offline
Joined: 20th Nov 2011
Location: Caput Mundi
Posted: 24th Dec 2017 10:41
Hi all,
I am now using AGKv2 on a Windows 7 PC with Symantec Endpoint Protection.
The compiled .exe app is quarantined with WS.Reputation.1 Risk, while the AGKCompiler.exe is quarantined with Trojan.Gen.9 Risk.
Is it normal? Is there a way to avoid this inconvenience without disabling the anti-virus?
Merry Christmas to everybody, especially to The Game Creators Team!
Markus
Valued Member
13
Years of Service
Recently Online
Joined: 10th Apr 2004
Location: Germany
Posted: 24th Dec 2017 22:27
I have G Data antivirus and it said nothing.
You should at least compare the exe checksum with another PC and a fresh download.
It's possible to put this exe on a whitelist as an exception.

yes, merry christmas.
AGK (Steam) V2017.12.12 : Windows 10 Pro 64 Bit : AMD (17.12.1) Radeon R7 265 : Mac mini OS High Sierra (10.13)
puzzler2018
Recently Online
Joined: 8th Oct 2017
Location:
Posted: 24th Dec 2017 22:32
I write C all day long in my work and have never encountered such behaviour - maybe TGC put something in that your virus scanner doesn't like.

like registry / file changes

Yeah - pop it in your white list in your scanner app
nz0
AGK Developer
10
Years of Service
User Offline
Joined: 13th Jun 2007
Location: Cheshire,UK
Posted: 26th Dec 2017 02:54
Yea, well your system may already be infected with something.
Other than that, perhaps TGC should register their player app with the AV vendors each release just to be sure.
ApkGames.Guru
4
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 29th Dec 2017 10:21
I have advanced system care and it has just alerted me to Tier1 AGKCompiler.exe being a trojan threat.... gen:variant.barys.58055..... Is it safe to whitelist.... could TGC respond please.
ApkGames.Guru
4
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 29th Dec 2017 10:23
Sorry, should have added, AppGameKit version installed is 2017.12.12
MarcoBruti
6
Years of Service
User Offline
Joined: 20th Nov 2011
Location: Caput Mundi
Posted: 29th Dec 2017 14:07
@nz0 my PC is not infected, the AV is always updated and I generally pay attention when opening executables or attachments.
Unfortunately I have not been able to restore it, it has been deleted and that's all, let's wait for next update.
BTW, this is a problem with Symantec on a PC with Windows 7; with McAfee on another PC with Windows 10 (that I use as my development computer) I have no issues.
The best AV is Kaspersky, but Trump had banned it.
puzzler2018
Recently Online
Joined: 8th Oct 2017
Location:
Posted: 29th Dec 2017 14:10
Isn't there a setting in Symantec somewhere, for when it sees a potential bogus virus alert, to quarantine it instead of deleting it?

Cybermind
15
Years of Service
User Offline
Joined: 28th Nov 2002
Location: Searching for The Dark Tower, I hope it is in Denmark, near
Posted: 29th Dec 2017 20:31
Yesterday, my Bitdefender popped up and said agkcompiler.exe for Tier 1 was infected. It had been running fine for a while, I have not updated AGK2 recently. A scan on virustotal.com tells me that some AVs think it is some barys malware. Maybe a new malware is out and some AVs mistake some similarities in agk for this malware.
Bengismo
User Offline
Joined: 20th Nov 2017
Location: Yorkshire, England
Posted: 29th Dec 2017 21:24
I have Norton Internet Security and it flags the AGKCompiler.exe and deletes the file automatically!!

There's something about the Norton antivirus that really doesn't like it. I have whitelisted my AppGameKit folder now and it works fine.
Markus
Valued Member
13
Years of Service
Recently Online
Joined: 10th Apr 2004
Location: Germany
Posted: 29th Dec 2017 23:06
Today my G Data also raised an alarm:
Virus: Gen:Variant.Barys.58055 (Engine A)
Datei: AGKCompiler.exe
Verzeichnis: X:\Steam\SteamApps\common\App Game Kit 2\Tier 1\Compiler
Prozess: gspawn-win32-helper.exe
xCept
15
Years of Service
User Offline
Joined: 15th Dec 2002
Location:
Posted: 30th Dec 2017 02:45
Malwarebytes is doing the same. It completely deletes the compiler.exe so nothing can be run or tested. For a long time it wasn't even alerting me that it was quarantining the file, so I kept reinstalling AppGameKit until I finally saw a notice about it. I added the AppGameKit directory to my exclusions, but this should certainly be looked into by TGC.

It actually is flagged as malware and a Trojan virus by many virus scanners:

- Arcabit
- Emsisoft
- F-Secure
- Max
- TrendMicro
- BitDefender
- eScan
- GData
- Symantec
- Malwarebytes

puzzler2018
Recently Online
Joined: 8th Oct 2017
Location:
Posted: 30th Dec 2017 02:52
Would we all agree that it's the compiler that's triggering it? I wouldn't like to see customers who download and play Windows apps, for example (with these AVs reporting issues), not being able to play because the app isn't installing properly, because the player is doing the same. Is it the compiler only, or the player after compilation?

I should have been in bed 7 hours ago so forgive my wordings - am knackered


xCept
15
Years of Service
User Offline
Joined: 15th Dec 2002
Location:
Posted: 30th Dec 2017 03:02
I just scanned an EXE project binary compiled with latest AppGameKit and it did not get flagged as anything malicious (including by any of the 70 scans from Virus Total).

So, it does seem confined to the compiler itself but that still needs to be addressed since many users will be unable to compile their own projects and receive virus warnings when using AGK.
CyberGamer
AGK Gold Backer
5
Years of Service
Recently Online
Joined: 11th May 2012
Location:
Posted: 30th Dec 2017 09:06 Edited at: 30th Dec 2017 11:20
I concur with xCept, Malwarebytes does seem to target only the AppGameKit compiler.
I have also used Malwarebytes exclusions to stop deletions.

It looks like it's not just the AppGameKit compiler, it has also deleted the Visual Editor exe as well.
Amd Quad Core FX-4350 4.2GHz,GTX550Ti 1GB GDDR5,16GB DDR3
Windows 10 Pro 64Bit
Markus
Valued Member
13
Years of Service
Recently Online
Joined: 10th Apr 2004
Location: Germany
Posted: 30th Dec 2017 10:08
Seems the antivirus message is gone.
Today I updated the compiler.exe from Steam and I can start it normally. Both had the same CRC32 checksum.
Markus
Valued Member
13
Years of Service
Recently Online
Joined: 10th Apr 2004
Location: Germany
Posted: 30th Dec 2017 22:39 Edited at: 30th Dec 2017 22:45
I am very confused, now I clicked compile and got a warning again ^^
but not in the morning.

info about "Prozess: gspawn-win32-helper.exe"
The Gimp Team
Third-Party Software
ApkGames.Guru
4
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 31st Dec 2017 19:40
I can confirm that I raised this with TGC and they are looking into it over the next few days. All being well, we'll get an update here to advise if the compiler is safe and we can then whitelist it.
dominique95
User Offline
Joined: 1st Jan 2018
Location:
Posted: 1st Jan 2018 20:56
Hi,
Same alert with Bitdefender on a laptop with Windows 10.
In the file's properties, there's no Security info.
Whitelisting was the solution with previous versions (Monkey 1 2, CerberusX, Blitz, Blitzmax too).
But the latest version (from TGC site) goes to quarantine directly.
Mobiius
Valued Member
14
Years of Service
User Offline
Joined: 27th Feb 2003
Location: The Cold North
Posted: 2nd Jan 2018 08:45
I get the same issue with AGKCompiler.exe on my windows 10 work laptop.

Even though I whitelisted the file the last time it was flagged as a virus and deleted, it still did it when AppGameKit was last updated.

I'm running symantec endpoint protection.
Paul Johnston
15
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 2nd Jan 2018 12:41
I have submitted a sample to F-Secure for them to have a look at, I'll let you know what they say.
Xaron
3
Years of Service
User Offline
Joined: 3rd May 2014
Location: Germany
Posted: 2nd Jan 2018 13:02
Those anti virus heuristics often go insane. I have this issue with quite some other software as well including own developed things.
Conjured Entertainment
AGK Developer
12
Years of Service
User Offline
Joined: 12th Sep 2005
Location: Nirvana
Posted: 2nd Jan 2018 13:18 Edited at: 2nd Jan 2018 13:31
Quote: "White list was the solution with previous versions (Monkey 1 2, CerberusX , Blitz, Blitzmax too) .
But the latest version (from TGC site) goes to quarantine directly."

Quote: "Those anti virus heuristics often go insane. I have this issue with quite some other software as well including own developed things."

Well, if there is no trojan (and I know there is not), then they should be held responsible for the lie.

Telling consumers that a product is not safe to use when in fact it is no threat at all, is more than misleading... it damages the reputation of the product and has a negative effect on its future sales.

Everyone else has to pay for their mistakes, and they should too, especially when their mistake not only causes financial losses to the developer of the software, but also denies the user access to the software they need.

Would it be okay for me to advertise that their anti-virus software is a scam???

They wouldn't like it at all I am sure, and would want to sue me, even though the statement is the truth.

I still believe that most of the malware and viruses out there were developed by the anti-virus companies in order to create a need for their product, and these false reports on safe software accomplish the same thing without the risk of them being caught red handed of the old method of creating the viruses themselves.

I'm onto you suckers, and have been since the start!!! ( just like that fruity company that created viruses to attack IE vulnerabilities)

Coding things my way since 1981 -- Currently using AppGameKit V2 Tier 1
Xaron
3
Years of Service
User Offline
Joined: 3rd May 2014
Location: Germany
Posted: 2nd Jan 2018 14:04
Actually most antivirus software is a scam indeed. They often go crazy over harmless stuff and suck when a real threat comes. I always get those "trojan" warnings for harmless software like TGC's. I sometimes get it for self-compiled stuff from Visual Studio as well.
Paul Johnston
15
Years of Service
User Offline
Joined: 16th Nov 2002
Location: United Kingdom
Posted: 2nd Jan 2018 17:36
F-Secure have confirmed that the AGKCompiler.exe file is clean and the false positive will be fixed in an upcoming database update. They suggest code signing may help with establishing reputation for our files, so we'll try that with the next version. If your anti-virus is detecting a virus on this file please submit it to them as a false positive.
Rich Dersheimer
AGK Developer
8
Years of Service
User Offline
Joined: 1st Jul 2009
Location: Inside the box
Posted: 2nd Jan 2018 22:40
Here's what I did - I turned SEP off for 15 minutes, installed AGK2, went to the compiler, right clicked it, then chose Symantec Endpoint Protection Client>File Insight. I was able to set the file as trusted from there.

I believe SEP quarantines the compiler because it is a new .exe with very few installs. The heuristics don't trust it.
ApkGames.Guru
4
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 3rd Jan 2018 15:41
Quote: "If your anti-virus is detecting a virus on this file please submit it to them as a false positive."


Thanks Paul, appreciated.
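
As an added example (not part of any post above, and not TGC's code): the two checks raised in this thread, comparing the flagged AGKCompiler.exe against a fresh download and looking for a code signature, sketched in Python. It uses SHA-256 rather than the CRC32 mentioned above and only tests whether an Authenticode certificate table is present; `has_embedded_signature`, `triage` and `build_sample_pe` are hypothetical names, and a constructed PE header stands in for the real file.

```python
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def has_embedded_signature(data: bytes) -> bool:
    """True if the PE header points at a non-empty certificate table.
    Presence only: the signature and its chain are NOT validated here."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        if count <= SECURITY_DIR:
            return False
        # For this directory the first field is a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error:
        raise ValueError("truncated PE header") from None
    return offset != 0 and size != 0 and offset + size <= len(data)

def triage(local: bytes, reference: bytes) -> dict:
    """Compare a flagged copy against a fresh download of the same release."""
    local_hash = hashlib.sha256(local).hexdigest()
    return {
        "sha256": local_hash,
        "matches_reference": local_hash == hashlib.sha256(reference).hexdigest(),
        "signed": has_embedded_signature(local),
    }

def build_sample_pe(cert_blob: bytes = b"") -> bytes:
    """Constructed minimal PE32+ header for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)   # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)    # NumberOfRvaAndSizes
    if cert_blob:
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, 0x40 + 24 + len(opt), len(cert_blob))
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt) + cert_blob

if __name__ == "__main__":
    fresh = build_sample_pe()                 # stands in for a fresh download
    print(triage(fresh, fresh))               # identical copy, unsigned
    print(triage(fresh + b"\x90", fresh))     # modified copy: hash differs
```

A matching hash only shows that the two copies are the same bytes; whether those bytes are clean is what the vendor false-positive submission described above settles.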
