Unity producing Malware under Windows10?

Hi there

I know it’s a slightly provoking title, but since 5.3.6 (and with the current version 5.4.0) I get problems with the Windows standalone-builds.
Windows Defender flags the exe as “Trojan:Win32/Maltule.C!cl” and suggests deleting the file… I tested the exe with “Metadefender.com” and no problem was found. Sometimes it worked - until MS updated the signature files.

This is very bad - does anybody experience the same behaviour?
Do Unity and Microsoft talk to each other?

Cheers
Stefan

Hi,

Yes, we talk to Microsoft often. But we haven’t heard about this problem. Does Windows Defender flag the exe after you export it from Unity, or does it flag it in the Unity installation folder?

Hi Thomas

I made a demo from one of our assets and use it on our other PCs, where it’s (sometimes) flagged:

http://www.crosstales.com/en/assets/radio/Radio_demo.zip

But only the “Radio.exe” is flagged, no other files on the whole PC. I think it’s nearly impossible that we really have malware on our systems.
I’m 99.99% sure it’s a false positive from WD and it’s not accurate - sometimes it detects it as “malware”, sometimes everything is absolutely fine… Probably you could talk to MS and try to clarify this.

Thank you!

So long,
Stefan

I scanned your package with Windows Defender on my PC, and it said everything was green.

Can you go to Editor\Data\PlaybackEngines\WindowsStandaloneSupport\Variations and see if those files are marked as “malware”?

Also, I am slightly confused, you say it’s sometimes flagged as malware? Executable is always the same per Unity version, so it’s a bit strange.

Hello again

No, those files aren’t flagged…
I’m aware of the same exe per Unity-version and yes this is a strange problem!

I’m currently working only on Radio, so I can’t confirm it for other builds. I suspect one of the last Windows updates (security strengthening) is causing these problems.
I have no idea how WD comes across such problems. But I found others having the same issue:

http://disq.us/p/1ag7kij

My main concern is that customers are scared away by our demo because it looks like malware to them:(

Hi,

Just in case, did you try renaming the exe and run WD afterwards?

Thank you for your input and I tried this before, but it didn’t help. :eyes:

I tried it on 4 different PCs and now there is no detection…

I know it sounds silly, but I had this before (since ca. 2 weeks) and I suspect it to happen again.
As I said, I blame WD for this behaviour, but it’s still a problem.
I don’t know how Unity informs Microsoft about their “Standalone” exe, but it would be nice if they could send e.g. a hash of the exes to be excluded (or approved) inside WD.

I've had this problem with some users too (I haven't been able to reproduce myself). So far just my game's launcher though, not the game itself (both made in unity, both from same project -- just different scenes). Any workarounds found? I'm using 5.2.2f.

Not all users are affected. Has happened on Windows 7 and Windows 10.

Unfortunately I didn’t find a workaround (and I think there is none).
This is imho out-of-our-hands and must be (permanently) solved by Unity and MS (and any other major “Malware”-protector like Symantec etc.).
In my opinion, Unity has to make sure that their Standalone-exes (from all versions) are on a white-list on all major scanners. Probably it would also help if every exe would be properly signed…

We cannot sign standalone executables: if you modify the executable at all, like change the icon, the signature is void. And I don’t imagine many people ship games using default Unity icon.

I’ll reach out to Microsoft and bring this issue up.


Thank you, that’s great!

Hey, I just wanted to chime in and say that I’m having the same exact problem building out my game from Unity 5.3.6f1. I’ve had some customers complaining, it would be amazing to figure this out fairly soon.

I had the problem yesterday as well (using Unity 5.3.4f1 on Windows 10). However, my Windows Defender definitions were updated this morning, and now the problem seems to be gone.

I manually updated my Windows Defender definitions and this fixed the issue. Hopefully it’s auto-updated or something of the like. Thank you for confirming this as a fix!
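
An added example, not part of the original thread and not Unity's or Microsoft's own tooling: the posts above report that the same exe gets different verdicts on different machines and before and after a definitions update. This PowerShell snippet gathers the facts needed to compare two such machines (file hash, Authenticode status, Defender engine and definition versions, recorded detections). `$ExePath` and its default value are assumptions; point it at your own build.

```powershell
# Added example. Run on each machine that disagrees and compare the two outputs.
param(
    # Assumption: hypothetical location of the standalone build being reported.
    [string]$ExePath = 'C:\Builds\Radio\Radio.exe'
)

# 1. File identity. Identical SHA-256 values mean both machines scanned the
#    same bytes, so a differing verdict comes from the scanner, not the file.
$hash = Get-FileHash -Path $ExePath -Algorithm SHA256

# 2. Authenticode status. 'NotSigned' is expected for an unsigned player exe;
#    'HashMismatch' means a signed file was modified after signing.
$sig = Get-AuthenticodeSignature -FilePath $ExePath

# 3. Defender engine and definition versions on this machine.
$mp = Get-MpComputerStatus

# 4. Detections Defender has recorded that reference this file.
$detections = @(Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($ExePath) })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    File                = $ExePath
    SHA256              = $hash.Hash
    SignatureStatus     = $sig.Status
    EngineVersion       = $mp.AMEngineVersion
    DefinitionVersion   = $mp.AntivirusSignatureVersion
    DefinitionsUpdated  = $mp.AntivirusSignatureLastUpdated
    RecordedDetections  = $detections.Count
    DetectionThreatIds  = ($detections.ThreatID | Sort-Object -Unique) -join ','
    FirstDetectionTime  = ($detections.InitialDetectionTime |
                              Sort-Object | Select-Object -First 1)
} | Format-List

# To repeat the check after a definitions update:
#   Update-MpSignature
#   Start-MpScan -ScanType CustomScan -ScanPath $ExePath
```

Matching hashes with different `DefinitionVersion` values on the flagged and unflagged machines is the evidence to attach to a false-positive report.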

I hope Unity soon confirms a permanent solution…

I have had this problem for a month - sometimes WD detects malware, sometimes it doesn’t (e.g. after updating the definitions).
This must be solved by MS and Unity! We can’t afford the hassle it causes for our customers (despite the loss of OUR reputation).

We currently have hundreds of users that bought our game getting this issue. Has anyone found a fix, or is this more of the running issues every time Unity releases a final version? If we weren't always forced to upgrade by 1st party platforms I'd never upgrade the engine ever again! The poor testing of engine versions has now impacted our game's reputation and possible sales. And I can say 100% we haven't done anything different to our game builds than before, this issue is specific to us upgrading to 5.3.6f1. What's most troubling to me is the lack of responsibility I see from Unity in this thread. It is an issue, and it is due to the engine. Just look at our forums, we had to make a thread specifically for this and that is unacceptable: http://steamcommunity.com/app/496300/discussions/1/360671984100616395/


We have contacted Microsoft on this issue - that’s about everything we can do about it. I can also guarantee that it is a false positive: Unity player is definitely not malware.

Seems to happen on Win7 + Security Essentials as well. Oddly enough it seems to only happen on one out of two machines though - both running Win7 and using Security Essentials with updated definitions.

Building with Unity 5.3.6f1.

Yep, we are seeing the same thing. All on up-to-date Windows 10 machines with current (as of 11 Aug) spyware/virus definitions, and we are running builds from Unity 5.3.6f1.