..:: PCSX2 Forums ::..PCSX2 Discussion and SupportGeneral Discussion and Support (Windows) v
v1.6 Virus total


Threaded Mode
v1.6 Virus total
JuMPP Offline
Newbie
Posts: 2
Threads: 1
Joined: May 2020
Reputation: 0
#1
Exclamation  05-09-2020, 01:39 AM
I was excited to see version 1.6 was launched the other day! I like to check any exes with my local AV and virus total when I cant find a checksum. My local AV found nothing, but virus total had 5 hits off of the new release. 

SecureAge APEX: Malicious
Bkav: HW32.Packed.
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Panda: Trj/Genetic.gen
VBA32: Suspected Of Trojan.Downloader.gen.s
Yomi Hunter: MALWARE



I totally acknowledge antivirus is a very tricky thing, and there is a 99.9% change this is a false positive. I have used PCSX2 for years and greatly trust the product and team. However, 5 hits on Virustotal does seem slightly unusual to me. Does anyone have any further info on this, or is it likely due to the recent nature of the 1.6 release? 

Below is the Virustotal scan, and I am waiting on Yomi hunter to finish its analysis. Any suggestions or words of wisdom from the veterans or AV savvy folks out there is greatly appreciated!

Virustotal scan: https://www.virustotal.com/gui/file/fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b/detection
Reply

Sponsored links

lightningterror Offline
Game Developer
******
Posts: 1.551
Threads: 26
Joined: Jan 2016
Reputation: 42
#2
05-09-2020, 03:17 AM
They're false positives, it's pretty much out of control. The only way to get rid of them is to submit the files to the AV providers themselves for analyzing.
Reply
arcum42 Offline
Pcsx2 Coder
******
Posts: 543
Threads: 16
Joined: Dec 2008
Reputation: 7
Location: Las Vegas, NV
#3
05-09-2020, 04:12 AM
Odds are that it's the recompilers it picks up on. Writing assembly to memory and then executing it *is* suspicious behavior... and also the definition of how JIT works.

--arcum42
Reply
pandubz Offline
Dig Dug Enthusiast
*****
Posts: 785
Threads: 9
Joined: Dec 2016
Reputation: 45
Location: Bottom of the Well
#4
05-09-2020, 05:07 AM
Also worth noting we have been battling various antivirus false positives ever since the later stages of the 1.5.0 development series. More or less around the same time that Dolphin started having builds of theirs flagged, shortly after we started noticing PCSX2 getting hit too. Part of this was due to Microsoft changing some things with Defender and AI based detection, but I think there's also just some rather inconvenient timing here. We'd love to get those cleared, but of course, that means getting it submitted, and hoping they actually would review it.
Problems? Try out the latest nightly build to stay on top of the latest updates and fixes.



Oh yeah Red Pandas are cool too.




Reply
lightningterror Offline
Game Developer
******
Posts: 1.551
Threads: 26
Joined: Jan 2016
Reputation: 42
#5
05-09-2020, 05:10 AM
Quote:Odds are that it's the recompilers it picks up on. Writing assembly to memory and then executing it *is* suspicious behavior... and also the definition of how JIT works.


Last ones I remember being detected were spu2-x and gsdx (sse2 to be precise).
Reply
JuMPP Offline
Newbie
Posts: 2
Threads: 1
Joined: May 2020
Reputation: 0
#6
05-10-2020, 10:12 PM
Awesome! Thank you so much everyone for your time and responses. I really appreciate the explanation and feel way more secure about the incorrectly flagged potential risks above. Security has always been an intimidating field for me, where a detected risk seems like a bottomless hole you cant comprehend without going line by line through source code, but people like all y'all make it that much easier to comprehend and enjoy wonderful projects/products like this, conscious free.
Reply




Users browsing this thread: 1 Guest(s)