OpenXcom Forum

Modding => Released Mods => The X-Com Files => Topic started by: Slaughter on March 20, 2018, 10:26:28 am

Title: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: Slaughter on March 20, 2018, 10:26:28 am
Anyone getting such false positives? Got it from Panda Antivirus.
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: Meridian on March 20, 2018, 10:33:22 am
Yes, 5 of 10 antivirus programs flag any new version as a virus.
After 2-3 weeks some of them realize how stupid it is and stop doing that.... some don't.
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: KZad Bhat on March 20, 2018, 01:26:45 pm
I looked up the particular virus, and found this link.

https://einsteinathome.org/content/panda-antivirus-detecting-w32exploitgen
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: Meridian on March 20, 2018, 01:29:19 pm
It's not a particular virus... even the name says it is just a placeholder for any "generic exploit".

The antivirus just has some heuristics, which detect anything even remotely dangerous... and will flag any such (usually new) executables, until they are whitelisted by enough user votes as false positives.
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: yrizoud on March 20, 2018, 11:49:34 pm
The description of this "exploit" is very broad. Maybe they mean "This uses sprintf(). If the developers are not careful, they can shoot themselves in the foot".
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: KZad Bhat on March 21, 2018, 01:50:19 am
I was figuring it just had to mean there's some string of code that could do something it's not supposed to. I do remember having a keygen that I had to set an exception for, but then a keygen does have an algorithm similar to what you get in a password cracker, so it was pretty much a duh it would get reported.
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: MFive on April 11, 2018, 02:37:48 am
Using Avast! Anti-virus and never have issues. It is free. Hope this helps.
Title: Re: X-COM Files executable giving me a false positive: W32/exploit.gen
Post by: KZad Bhat on April 11, 2018, 08:21:17 am
Every anti-virus gets false positives from time to time. The more new software you try, the more likely you are to run across it. What everyone finding this issue means is Panda is running an algorithm that aggressively spots code related to this issue, whether it's actually dangerous, or close to, or just contains a string that can be used maliciously even if it's not actually used in this case. Avast will do it too, and I bet if you do a search for 'Avast false positives' you'll find a lot on it. The only real way to make sure there are no false positives is to scale back the aggressiveness of the security software until it won't report anything that's less than a 100% certainty, which will greatly increase the number of false negatives.