False Positive problems with antivirus software


slysniper


When I was running McAfee, back a year ago or so, it also had problems with CMFI. It did not identify the file for me but also would do a partial uninstall on me.

I would have to turn it off to run the program.

So this file is a badly named file, so is this not something that can be fixed in the program?

Or is it something we just have to deal with on our end?


We have to deal with it. Typically by setting exclusion directories. The anti virus vendors do a good job of tracking trends and anticipating patterns but it does lead to false positives. It is unavoidable to a certain extent (some do better than others). With a large publisher they will fix the pattern to eliminate false positives that are hit. With their customers they will too (my company gets our exes signed by one). Other vendors are left out. BFC is another vendor :(


Got the same notification from Microsoft Security Essentials, Webroot did not pick it up, but I've been talking to them to sort out other issues.....My CM:FI install is screwed.  FFS!  :angry:

I've uninstalled it and will wait for a patch/module before reinstalling it, hopefully Microsoft will have received enough false positive reports to have it sorted by then.  :rolleyes:

Fekkin irritating though!  :mellow:

Edited by Sgt.Squarehead

  • 2 weeks later...

Would be nice to see some official comment on this.....Is this going to be a problem with other games in the series?  Why is it being detected as a threat? 

I've spent months trying to get the games recognised by Webroot (their tech team awaits an update to verify if it's worked), but now Microsoft is causing me exactly the same issues .....Trying to get a meaningful response out of them would be challenging I suspect!  :rolleyes:

Edited by Sgt.Squarehead

An official comment from whom? There is no way it is worth BFC spending time looking at this because the anti virus vendors will not be interested in talking to them. BFC is way too small. I am sure you can get a canned response from your antivirus vendor if you wait long enough. I get the feeling they don't care too much about these issues; they care more about making sure they do not miss any real threats. Which may, in fact, make sense. Games are especially prone to false positive hits because of their heavy use of DRM libraries, as some of the techniques used to protect the license are the same ones the bad guys use to hide what they are doing. In the end the DRM library providers might have a bit more pull, but even then I doubt the anti virus guys would bend over backwards for them either.

Bottom line is you know BFC is trustworthy (or you have at least accepted them as a risk you are willing to take :-) so we should do whatever we need to do to get our antivirus software to stop looking at products from BFC.


2 hours ago, IanL said:

I am sure you can get a canned response from your antivirus vendor if you wait long enough.

Nah, I've genuinely got the Webroot global-tech-team on hold waiting for an update, me and the dude handling it are on first name terms these days.  ;)

https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-causing-software-to-hang-in-Windows-7/m-p/293311#M30088

As for Microsoft Security Essentials, I've made what I hope are the right moves to prevent the problem recurring with CM:FI (haven't reinstalled it yet though), but I'm concerned that other games in the series might suddenly get targeted, possibly for the reasons you explain here:

2 hours ago, IanL said:

Games are especially prone to false positive hits because of their heavy use of DRM libraries as some of the techniques used to protect the license are the same ones the bad guys use to hide what they are doing. In the end the DRM library providers might have a bit more pull but even then I doubt the anti virus guys would bend over backwards for them either.

 

Edited by Sgt.Squarehead

Cheers for that fella, I looked for the Microsoft page but couldn't find it.  B)

PS - The problem with whitelisting is that it's a one time fix; as soon as the game updates the problem will probably recur (it did for me, every time).....What I'm trying to get Webroot to do is recognise the CM games as 'safe-software' (it's actually done and just needs an update or new CM game to test it has worked). Hopefully once one AV vendor starts noting the titles as safe, they all will.

Edited by Sgt.Squarehead

2 hours ago, Sgt.Squarehead said:

PS - The problem with Whitelisting is that it's a one time fix, as soon as the game updates the problem will probably recur (it did for me, every time)

I whitelist the install directory where I put the game. No recurrence.

Oh wait are you hitting this when you download the install package? If so that will not be as easy to deal with but at least you can override it when it fails to download.


The problem with that 'hope' is that, as you say, once the game updates, the file is no longer recognized as the same (I don't think they go by filename) and the problem occurs once again. For whitelisting, if you update the game, then remove the whitelisting and re-add it. This should hopefully get the security software to recognize that this new file is acceptable and not some sort of unwanted change that might suggest it has been infected.

And whitelisting the entire game directory (where the main game executable is at) should also work, though some security programs may not have that option (most usually do though). Even with whitelisting I've seen some security programs ignore the lists and continually quarantine/delete the files (and those security programs are removed from my computers...).

Edited by Schrullenhaft
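The whitelisting disagreement above (a per-file whitelist stops matching once a game update rewrites the executable, while a directory exclusion keeps working) in a small Python model. This is an added illustration, not code from Battlefront or from any antivirus product; the Allowlist class is hypothetical and the game.exe file and its contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Content hash; this is what most AV allowlists key on, not the filename."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Hypothetical model of two exclusion styles an AV product offers."""

    def __init__(self):
        self.hashes = set()   # per-file exclusions, keyed by content hash
        self.dirs = []        # directory exclusions, keyed by path

    def allow_file(self, path):
        self.hashes.add(sha256_of(path))

    def allow_dir(self, directory):
        self.dirs.append(os.path.abspath(directory))

    def is_excluded(self, path):
        p = os.path.abspath(path)
        # A directory rule skips everything under it, including files that
        # appear later, which is why it survives updates but is also broader.
        if any(p.startswith(d + os.sep) for d in self.dirs):
            return True
        return sha256_of(p) in self.hashes


def simulate_update():
    """Constructed scenario: allowlist a fake game.exe, then 'patch' it."""
    folder = tempfile.mkdtemp()
    exe = os.path.join(folder, "game.exe")
    with open(exe, "wb") as f:
        f.write(b"constructed build 1.00")
    by_hash, by_dir = Allowlist(), Allowlist()
    by_hash.allow_file(exe)
    by_dir.allow_dir(folder)
    before = (by_hash.is_excluded(exe), by_dir.is_excluded(exe))
    with open(exe, "wb") as f:          # the game update rewrites the binary
        f.write(b"constructed build 1.01")
    after = (by_hash.is_excluded(exe), by_dir.is_excluded(exe))
    return before, after   # ((True, True), (False, True))
```

The trade-off is also the defender's caveat: the directory rule survives updates precisely because it stops inspecting anything written there, so keep it scoped to the game folder only.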

3 hours ago, Muzzleflash1990 said:

Most anti virus services you can submit files for white listing online. Sometimes there is just one page for both false positive and negatives. For example: https://www.avast.com/faq.php?article=AVKB229 or https://www.microsoft.com/en-us/wdsi/filesubmission

Hey those are useful links - thanks.


Some virus protection doesn't like CM because it can't gain access to the contents of BRZ files, so it throws up yellow warning flags. I cannot recall reports of an actual real-live virus infecting a CM install in all the years it's been selling. Plenty of reports of anti-virus software objecting, but no actual viruses.


Likewise.....To clarify my earlier point about whitelisting, the difficulty I was having with Webroot was with the real-time monitoring.  The files were whitelisted on my system, but the real-time monitoring was still seeing them as a threat when they became active.  Webroot would then whitelist the processes at their end which would solve the problem until the next update, at which point we were back to square one.  Hopefully this problem is now fixed, I (& Lucas at Webroot) await a new game update to see if the revised/new processes trigger a warning or are recognised as safe.  This should be a global fix if it works, so once the fix is confirmed Webroot will always recognise CM games as safe in future.

Edited by Sgt.Squarehead

  • 2 weeks later...
On 8/28/2017 at 8:18 AM, IanL said:

Not until today. Now yours is the second post about that. Must have been a Windows Defender update. Grrrr. I don't even know how to get Defender to ignore files.

Just place your Combat Mission installation folders under the list of exceptions.
Settings > Exclusions > Exclude a Folder > Specify CM installation folder, in my case (D:\Battlefront Games) which houses all my Combat Mission games.


My understanding from a Steve post long ago was that it's not the CM file per se. It's what the DRM does to validate your install is legit. It digs deep into your system to build a detailed snapshot of your OS, HW config, etc. It seems to have gotten better. But up until a year or so ago, simple changes like USB drive removal could trigger DRM SW kills. That same approach also causes these false positives. I even hate calling them that. To the AV, the DRM looks like a virus.

Frankly, of all the games I play, from indies, to Steam, to big publishers, I have never gotten a false virus flag on anything. And I have never had another DRM kill my install. I am always upgrading my PC and, until whatever change BFC made in the DRM, I had to get support to reactivate various CM games multiple times a year. That's 8-9 years of constant virus and DRM issues. Thank god the changes have been made.

In fact, my work support team banned me from installing CM2 on any of my work laptops. It was causing so many false virus issues, it became the only non-work program they banned me from loading. And I load a lot of crap on my laptops.


  • 3 weeks later...

There are three basic issues people can run into, plus lots of variations on the theme:

The first one is related to the files themselves. The antivirus software scans for files, finds ones it doesn't like, and does something to them. Sometimes including moving them, removing them, or otherwise screwing around with things in an invasive way. Other times it just secretly marks them as "embargoed" and prevents them from being accessed by a program. What triggers this? If the scan detects a particular type of file or a "questionable" component within it, then it gets whacked. This is a common problem with sending email attachments. Just yesterday I tried to send a ZIP file containing JavaScript files and Apple's Mail program refused to send it. Likewise, mail programs for ages haven't been sending EXE files, and even sometimes the ISPs rejected an email midstream for having "questionable" attachments. Macros for Microsoft programs have similarly been on the no-no list for ages. File name and specific file content has nothing to do with this. It's kinda like police profiling... totally discriminatory based on rather superficial generalities.

The second problem that comes up is with programs that monitor realtime activity. When CM launches it sets up defenses against hackers and status checks. Those defenses and checks, unfortunately, are often flagged as suspicious activity and blocked in some way. We've had all kinds of different issues with this, including access to specific BRZs being blocked from loading. The worst is when CM is shut down by the antivirus software without any sort of notification to the user. "Your game crashes" is what we see at the Help Desk, but in reality there was no crash. Disabling or excepting Combat Mission should fix this.

The third problem comes from people making significant changes to their system. This can trigger Combat Mission to go into "lock down mode". This has nothing to do with the antivirus software, and CM should present a crystal clear message that it's deliberately not running due to a "fingerprint mismatch". However, sometimes antivirus software appears to interfere with the message and sometimes it's not clear at all that this is what's happening. Either way, this sort of situation requires a license reset. In theory it only happens when major pieces of a computer are changed OR lots of significant things are modified, but we've found occasional bugs in our settings or the DRM which have made particular versions of particular CM games overly sensitive. I remember one build long ago where we accidentally checked for sound output devices (we did not intend to!) and if you unplugged your speakers or plugged in headphones the game would go into "lock down mode". Humorous in a twisted sort of way, annoying in all others.

Steve
