Classic Erosion installation file and Norton Antivirus

Started by fleetwood, November 15, 2017, 10:43:30 AM


fleetwood

Norton Symantec Internet Security antivirus detects Heur.AdvML.B virus when scanning the classic_erosion_setup_v1_0.exe file and will quarantine it.
I assume this is a false positive. I was able to use the install file before the quarantine took place (only last night) and Classic Erosion is still working fine in Terragen 4.1.17.

Just thought I would pass this along for anyone else who might use Norton.

bobbystahr

Quote from: fleetwood on November 15, 2017, 10:43:30 AM
Norton Symantec Internet Security antivirus detects Heur.AdvML.B virus when scanning the classic_erosion_setup_v1_0.setup and will quarantine it.
I assume this is a false positive. I was able to use the install file before the quarantine took place (only last night) and Classic Erosion is still working fine in Terragen 4.1.17.

Just thought I would pass this along for anyone else who might use Norton.

I had a similar problem with AVAST as it wouldn't dl the .exe for Classic so Daniil switched that over to a .zip dl which was very nice of him.
something borrowed,
something Blue.
Ring out the Old.
Bring in the New
Bobby Stahr, Paracosmologist

Oshyan

I don't know if Daniil monitors all of the forum threads here, so it is ideal if you report this to him via email if you have not already done so.

- Oshyan

Daniil

Thank you for the report, Sid.

I am sorry that many users have problems with my plugin and AV software.

As for antiviruses that block .exe - there is a simple solution: download the .zip; we've successfully tested this with bobbystahr. I hope to add a "Downloads" page on the website today with various download options, including .zip.

As for the false positives. This question is much harder.
Setup really does nothing criminal:

1. Searches the registry for possible paths of tgd.exe and also checks the default location in Program Files - this is needed to set the default TG location path in the corresponding prompt.

2. Creates "Daniil Kamperov\Classic Erosion" folders in the Roaming Application Data folder - this is where the binary key is stored after registering the plugin. If this step is skipped, the plugin will work, but won't remember whether it is already registered and will ask to register every time. The plugin itself cannot create this folder without elevated permissions, so I decided to leave this task to the installer.

3. Copies dkclassicerosion.tgp into Plugins subfolder inside the Terragen folder.

4. Copies license agreement into Daniil Kamperov\Classic Erosion.

Steps 2, 3, and possibly 1 require elevated permissions, and it seems they are considered suspicious by AV software.

I've tested the plugin on some systems with Bitdefender and Kaspersky - neither sees anything suspicious.

So, as a workaround, I can advise trying to remove the installer from Norton's quarantine (somewhere in Norton's GUI) - then Norton should not block the installer again.

Also, I can ask Symantec support to add my installer to the whitelist, but this isn't a very good solution, as I need to do this with every new update of Classic Erosion. And, I think, there are a bunch of other AV software teams which I need to email to ask to whitelist my plugin with every new version.  :o

BTW I've googled and found that even big software companies sometimes have similar problems. Even purchasing a certificate and signing installers with it doesn't help.

I'll see what I can do, and if someone can help you are welcome.

Daniil.

P. S. Have just tested installers using VirusTotal:
https://www.virustotal.com/ru/file/b7b7a0b56488149cc3f268dc04e3eaf146820f9c280a47874dfae1fefa1280c4/analysis/
https://www.virustotal.com/ru/file/b11b47a8196c2edd3d6ba1f96491fe1ebb455cdfa5adfdcf93162856d51ba591/analysis/
Both files passed all AV checks, including Symantec. I think it is the heuristics that find the CE installer suspicious, and it seems VirusTotal turns them off.

fleetwood

Thanks for that information Daniil.
In my case I would simply do the steps to remove the setup file from Norton quarantine, if I were to need to re-install for some reason.
Fortunately I did not even need to re-install Classic Erosion when upgrading to 4.1.17 from beta Terragen last week, and all is working well. :)





Daniil

I've added a Downloads page, where you can download Classic Erosion as an .exe or as a .zip file; this should solve part of the problems:
https://daniilkamperov.com/downloads/#classic-erosion
Daniil
