Jump to content

Norton Antivirus Tags 0 A.D. 0.0.15 Alpha uninstall.exec as a Trojan.

Theokritos

By Theokritos,
in Bug reports

 Share

Recommended Posts

Theokritos Tiro

Theokritos

Posted
Posted

What:

Norton Antivirus (21.1.0.18) reports the 0 A.D (0.0.15 alpha) uninstall.exe is a Trojan and quarantines the module.

When:

Saturday, January 4th, 2014

Where:

Windows 7 Ultimate (64 bit - 6.1.7601 Service Pack 1 Build 7601)

How:

Visited the 0 A.D. website (play0ad.com) and clicked on the Windows download link. Downloaded 0ad-0.0.15-alpha-win32 and manually scanned for viruses. Opened 0ad-0.0.15-alpha-win32, redirected the output to an external hard disk (f:\) and then monitored the installation process. Nothing unusual happened until towards the very end of the installation when Norton Antivirus reported that f:\user\avalon\appdata\local\0 a.d. alpha\uninstal.exe was a Trojan (Suspicious.Cloud.9) and quarantined the file. The installation process continued running for a short time longer and displayed the 'Finish' message. The process was finished without starting 0 A.D. and research began into the Trojan report.

Link to comment
Share on other sites
feneur Legatus Legionis

feneur

Posted
Posted

I doubt there's anything we can do about this, however there should be some kind of function in the Antivirus software where you can "Report false positive"/Send in file to be evaluated or something similar so they can change their detection so it doesn't falsely report 0 A.D. as a virus.

Link to comment
Share on other sites
unserializable Tiro

unserializable

Posted
Posted

Antivirus-companies have whitelisting programs for removing false positives. For Norton whitelisting request can be made at https://submit.symantec.com/whitelist/isv/

From what I have heard, unless some special procedure is gone through (probably with digital signatures), whitelisting will only apply to one specific version (installer, exe, etc) and for subsequent versions whitelisting needs to be done again (on Norton's whitelisting page it also says: 'If your file/software changes or updates then you will need to re-submit the request for your updated software.')

Someone with windows version could upload 0 A.D. binaries (executable files) to https://www.virustotal.com/en/ and see how many tools report them as positive for viruses.

Link to comment
Share on other sites
Stan` Consul

Stan`

Posted
Posted

Antivirus-companies have whitelisting programs for removing false positives. For Norton whitelisting request can be made at https://submit.symantec.com/whitelist/isv/

From what I have heard, unless some special procedure is gone through (probably with digital signatures), whitelisting will only apply to one specific version (installer, exe, etc) and for subsequent versions whitelisting needs to be done again (on Norton's whitelisting page it also says: 'If your file/software changes or updates then you will need to re-submit the request for your updated software.')

Someone with windows version could upload 0 A.D. binaries (executable files) to https://www.virustotal.com/en/ and see how many tools report them as positive for viruses.

Did it just for fun seems that Norton hasn't improved in years...

1388952790-fail-2.png

Link to comment
Share on other sites
Romulus Triplicarius

Romulus

Posted
Posted (edited)

I don't know them unless its a joke ;)

CMD is fun for autoruns (ie : attrib -s -h) ;)

I like Security Essential, can be shut down when he needs to. MalwareBytes is good to although that's not really an anti-virus.

cmd = Command Prompt aka Windows terminal.

Encase is for forensics, in other words I don't use an AV, I don't need one ;)

Edited by Romulous
Link to comment
Share on other sites
historic_bruno Primus Pilus

historic_bruno

Posted
Posted

Maybe it's doing something similar to Avast, which has a kind of "cloud"-based protection system that will flag every executable as suspicious and possibly dangerous until it has been scanned enough and reported back to their servers (unless the app is whitelisted by the user). With Avast, probably only the first few people to run the game will encounter that. In fact it launches the game in a sandbox and causes an error, which we should troubleshoot sometime.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...