So, I have a game launched on Steam (Spooky’s Jump Scare Mansion HD Renovation) - as part of a recent update we updated to 2017.2. Users have recently started talking about how they’re seeing their antivirus software quarantine the executable. Sure enough, I dropped it in to virustotal and this was the result. I scanned my system to make sure something wasn’t sneaking its way in there and everything seems clean.
In order to further test this I made an empty unity project (single scene named “main”, everything else is unmodified default settings). Testing that with virustotal gives this result for an x86 Windows Standalone build and this result for an x86_64 build (my game has the same result with an x86_64 build).
I suspect this is some part of the new packaging methods to have the very light executable throwing up red flags in these malware detecting systems. Has anyone else had this problem? Has anyone found a way around this problem?
That is weird. We specifically made this change so we could sign all Unity code (as it was moved into a DLL), and made the executable be very small so it was easy to scan for wrongdoings… I guess something went wrong along the way.
You could build the executable yourself - we actually ship source code for it in “Editor\Data\PlaybackEngines\windowsstandalonesupport\Source”. That might make it different enough for the AV stuff to not flag it.
This is now occurring for me as well (using x86 and getting this same result), I take it the antivirus companies have not been e-mailed yet or their false positive submission forms used? The .exe file is not signed - creating a small, statically linked executable is exactly what trips AV ‘products’ easily, safe for Windows Defender.
I guess I must hold off with updating to 2017.2 until this has been sorted out.
Hey @StealthyMoose I’ve been testing various 2017.2 versions and uploading our executables to various AV vendors over the last 2 weeks. However, I could not find a version (I probably missed it) where it would fail on McAfee, TrendMicro and AegisLab software. Which exact version of Unity did you use for your first link?
We have a similar issue on a game build with Unity 2017.2.2p3.
AVG,NORTON,AVAST do block the executable. What should we do? @Tautvydas-Zilys do we create a bug report?
Did you solve your problem @monark ?
File a bug report to us and we’ll take it to AV vendors;
Send the .exe to AV vendors yourself - most of them have functionality on their website to report false positives.
While waiting on either you could rebuild the executable yourself, which would change the hash of it and AV software wouldn’t flag it anymore. You can find the source code at \Editor\Data\PlaybackEngines\WindowsStandaloneSupport\Source.
