Author Topic: Classic Erosion installation file and Norton Antivirus  (Read 286 times)

Offline fleetwood

  • Member
  • *
  • Posts: 1232
Classic Erosion installation file and Norton Antivirus
« on: November 15, 2017, 02:43:30 PM »
Norton Symantec Internet Security antivirus detects Heur.AdvML.B virus when scanning the classic_erosion_setup_v1_0.exe file and will quarantine it.
I assume this is a false positive. I was able to use the install file before the quarantine took place (only last night) and Classic Erosion is still working fine in Terragen 4.1.17 .

Just thought I would pass this along for anyone else who might use Norton .
« Last Edit: November 15, 2017, 07:34:16 PM by fleetwood »

Offline bobbystahr

  • Member
  • *
  • Posts: 8200
  • Turn, and face the Strange Ch Ch Changes...D Bowie
Re: Classic Erosion installation file and Norton Antivirus
« Reply #1 on: November 15, 2017, 05:39:56 PM »
Norton Symantec Internet Security antivirus detects Heur.AdvML.B virus when scanning the classic_erosion_setup_v1_0.setup and will quarantine it.
I assume this is a false positive. I was able to use the install file before the quarantine took place (only last night) and Classic Erosion is still working fine in Terragen 4.1.17 .

Just thought I would pass this along for anyone else who might use Norton .

I had a similar problem with AVAST as it wouldn't dl the .exe for Classic so Daniil switched that over to a .zip dl which was very nice of him.
something borrowed,
something Blue.
Ring out the Old.
Bring in the New

bobbystahr

Offline Oshyan

  • Planetside Staff
  • *
  • Posts: 11793
  • Holy snagging ducks!
Re: Classic Erosion installation file and Norton Antivirus
« Reply #2 on: November 16, 2017, 12:45:22 AM »
I don't know if Daniil monitors all of the forum threads here, so it is ideal if you report this to him via email if you have not already done so.

- Oshyan

Offline fleetwood

  • Member
  • *
  • Posts: 1232
Re: Classic Erosion installation file and Norton Antivirus
« Reply #3 on: November 16, 2017, 01:11:00 AM »
OK, Thanks Oshyan, I have sent Daniil a pm.

Offline blinkfrog

  • Member
  • *
  • Posts: 76
Re: Classic Erosion installation file and Norton Antivirus
« Reply #4 on: November 16, 2017, 04:19:30 AM »
Thank you for the report, Sid.

I am sorry that many users have problems with my plugin and AV software.

As for antiviruses that block .exe - there is a simple solution to download .zip, we've succesfully tested this with bobbystahr. I hope to add "Dowloads" page on the website today with various download options, including .zip.

As for the false positives. This question is much harder.
Setup really does nothing criminal:

1. Search in the registry for possible paths of tgd.exe and also checks default location in the Program files - this is needed to set default TG location path in the corresponding promt.

2. Creates "Daniil Kamperov\Classic Erosion" folders in the Roaming Application Data folder - this is where binary key is stored after registering the plugin. If to skip this step plugin will work, but won't remember if it is registered already and will ask to register every time. Plugin itself cannot create this folder without elevated permissions, so I decided to leave this task for the installer.

3. Copies dkclassicerosion.tgp into Plugins subfolder inside the Terragen folder.

4. Copies license agreement into Daniil Kamperov\Classic Erosion.

Steps 2, 3, and possibly 1 require elevated permissions, and it seems are considered as suspicious by AV software.

I've tested the plugin in some systems with Bitdefender and Kaspersky - both can't see nothing suspicious.

So, as a workaround, I can advice to try to remove installer from the Norton's quarantine (somewhere in the Norton's GUI) - then Norton should not block installer again.

Also I can to ask Symantec support to add my installer into white list, but this isn't very good solution as I need to do this with every new update of Classic Erosion. And, I think, there is a bunch of other AV software teams which I need to email to ask to whitelist my plugin every new version.  :o

BTW I've googled and found that even big software companies sometimes have similar problems. Even purchasing certificate and signing installers with it doesn't help.

I'll see what I can do, and if someone can help you are welcome.

Daniil.

P. S. Have just tested installers using VirusTotal:
https://www.virustotal.com/ru/file/b7b7a0b56488149cc3f268dc04e3eaf146820f9c280a47874dfae1fefa1280c4/analysis/
https://www.virustotal.com/ru/file/b11b47a8196c2edd3d6ba1f96491fe1ebb455cdfa5adfdcf93162856d51ba591/analysis/
Both files passed al AV checks, including Symantec. I think this is heuristics that finds CE installer suspicious and it seems VirusTotal turns it off.
« Last Edit: November 16, 2017, 07:03:37 AM by blinkfrog »

Offline fleetwood

  • Member
  • *
  • Posts: 1232
Re: Classic Erosion installation file and Norton Antivirus
« Reply #5 on: November 16, 2017, 10:28:20 AM »
Thanks for that information Daniil.
In my case I would simply do the steps to remove the setup file from Norton quarantine, if I was to need to re-install for some reason.
Fortunately I did not even need to re-install Classic Erosion when upgrading to 4.1.17 from beta Terragen last week, and all is working well. :)





Offline blinkfrog

  • Member
  • *
  • Posts: 76
Re: Classic Erosion installation file and Norton Antivirus
« Reply #6 on: November 16, 2017, 11:42:52 AM »
I've added Downloads page, where you can download Classic Erosion as .exe or as .zip file, this should solve part of problems:
https://daniilkamperov.com/downloads/#classic-erosion
Daniil

Offline bobbystahr

  • Member
  • *
  • Posts: 8200
  • Turn, and face the Strange Ch Ch Changes...D Bowie
Re: Classic Erosion installation file and Norton Antivirus
« Reply #7 on: November 16, 2017, 04:31:02 PM »
2 thumbs up mate.
something borrowed,
something Blue.
Ring out the Old.
Bring in the New

bobbystahr

 

anything