Page 1 of 1

Antivirus issues

Posted: Thu Dec 01, 2016 8:47 pm
by ShadowDragon8685
bjg wrote:
ShadowDragon8685 wrote:Massive problem right now: Norton Antivirus

:lol:


It is a problem, whether or not you like it, because people do use antivirus programs, even ones you think are backwards, and if the game executable gets flagged as a virus, that is a big problem.

Re: Report - Current Bugs and Issues

Posted: Thu Dec 01, 2016 11:22 pm
by bjg
ShadowDragon8685 wrote:
bjg wrote:
ShadowDragon8685 wrote:Massive problem right now: Norton Antivirus

:lol:

It is a problem, whether or not you like it, because people do use antivirus programs, even ones you think are backwards, and if the game executable gets flagged as a virus, that is a big problem.

I do use antiviruses, real once. Have seen (and even more heard of) some false-positives. The most "famous" case I've heard of recently was Mcafee deleting some Windows system file and making systems unbootable. The most recent one in my practice was F-Prot "detecting" a virus in almost every Thunderbird mail file - resolved by opening a "ticket" with the F-Prot's support.
Open a "ticket" with Symantec and/or check the file with some alternative tools (there is a chance the file is really getting infected on your machine or "on the way").
If you open a separate topic I'll tell why in my opinion the Norton Antivirus doesn't improve the security.

Re: Antivirus issues

Posted: Fri Dec 02, 2016 3:23 am
by sven
ShadowDragon8685 wrote:Massive problem right now: Norton Antivirus is detecting sis.exe as a virus and removing it. It's classifying sis.exe as a Heur.AdvML.B Heuristic Virus.


I've gotten in touch with Norton's tech support, and apparently, the thing to do when this happens is to fill out this form here.

I've gone ahead and put in a ticket for us, though I had to enter 'I don't know' on some of the questions. I suspect it wouldn't hurt for anyone experiencing this issue to fill out that same form -- the support guy said it would probably take them at least 2 weeks to get to the issue, but I'd bet they prioritize things based on the number of reports they get.

Re: Antivirus issues

Posted: Fri Dec 02, 2016 9:52 am
by bjg
Here is why you'd better stay away from the Norton Antivirus:
https://googleprojectzero.blogspot.com/ ... point.html
These particular vulnerabilities are probably fixed, but the product family is broken by design. They don't sandbox untrusted data processing, so every buffer overflow is happening in a process running with higher possible permissions - this is a disaster waiting to happen.

Re: Antivirus issues

Posted: Fri Dec 02, 2016 5:06 pm
by sven
sven wrote:
ShadowDragon8685 wrote:Massive problem right now: Norton Antivirus is detecting sis.exe as a virus and removing it. It's classifying sis.exe as a Heur.AdvML.B Heuristic Virus.


I've gotten in touch with Norton's tech support, and apparently, the thing to do when this happens is to fill out this form here.



Ok, Symantec say's they're putting the current version of sis.exe on their 'whitelist'. Is sis64.exe also triggering a false positive for you? If so, we should submit it as well.

Re: Antivirus issues

Posted: Fri Dec 02, 2016 6:37 pm
by Arioch
The idea that an antivirus program should operate based on a manually-updated whitelist seems absurd to me.

Re: Antivirus issues

Posted: Fri Dec 02, 2016 7:56 pm
by bjg
Arioch wrote:The idea that an antivirus program should operate based on a manually-updated whitelist seems absurd to me.

Specially if you are the one who needs to manually update it. ;)

Re: Antivirus issues

Posted: Fri Dec 02, 2016 9:49 pm
by sven
bjg wrote:
Arioch wrote:The idea that an antivirus program should operate based on a manually-updated whitelist seems absurd to me.

Specially if you are the one who needs to manually update it. ;)


If this continues to be an issue, I will need to re-submit sis.exe and sis64.exe to Symantec every time we roll out a version of the binary via Steam. That's not actually undoable, contrary to what their support guy said, Symantec appears to have about a 1-business day turnaround time for whitelist submissions, and that's usually going to be sufficient to get a new binary on the list before it gets rolled out.

But yes, it would be, at best, annoying. That said, if anyone using Norton/Symantec experiences more false positives, they should post about them here (or let me know via some other channel), and I'll start spamming that webform with SiS exes.