Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False positive: Virus Total flags exe as CIL.StupidCryptor.Heur #408

Open
AthasOrBust opened this issue May 3, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@AthasOrBust
Copy link

commented May 3, 2019

Hello,

I uploaded the CommunityClient.exe to Virus Total (www.virustotal.com) and one of the detection engines (VBA32) is reporting a virus of the type CIL.StupidCryptor.Heur. I'm aware that this is likely a false positive but I thought I'd report it here for consideration.

Direct link to the details of the scan can be found here: https://www.virustotal.com/#/file/770e70c8e08331489a708cbd5367eb5b120c43744d9bfe56c7b05519b4215b67/details

@ZaneDubya

This comment has been minimized.

Copy link
Owner

commented May 3, 2019

Thank you for submitting this! This happens because VBA32 thinks that anybody who obfuscates their source code is up to no good. I've played with the obfuscation settings and there's no way to get under the threshold for this alert without - well - not doing it at all. I wonder if there's some white list I could get on...

@ZaneDubya ZaneDubya added this to the A. Future Features milestone May 3, 2019

@ZaneDubya ZaneDubya changed the title Virus Total is reporting CommunityClient.exe has CIL.StupidCryptor.Heur virus False positive: Virus Total flags exe as CIL.StupidCryptor.Heur May 3, 2019

@ZaneDubya

This comment has been minimized.

Copy link
Owner

commented May 3, 2019

I'm changing the title so people aren't misled about the false positive.

@AthasOrBust

This comment has been minimized.

Copy link
Author

commented May 4, 2019

I have no experience with this but given other threads I've read about false positives for games you're going to have to contact the anti-virus vendor directly and get them to vet it. That can be a long and time-consuming process but possibly worth it? Unfortunately there's no industry-wide whitelist I'm aware of so it normally has to be done per vendor.

Can't really comment on what VBA32 focus on, have little knowledge of them beyond Virus Total.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.