v1.6 Virus total

[JuMPP]

I was excited to see version 1.6 was launched the other day! I like to check any exes with my local AV and virus total when I cant find a checksum. My local AV found nothing, but virus total had 5 hits off of the new release. 

SecureAge APEX: Malicious
Bkav: HW32.Packed.
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Panda: Trj/Genetic.gen
VBA32: Suspected Of Trojan.Downloader.gen.s
Yomi Hunter: MALWARE



I totally acknowledge antivirus is a very tricky thing, and there is a 99.9% change this is a false positive. I have used PCSX2 for years and greatly trust the product and team. However, 5 hits on Virustotal does seem slightly unusual to me. Does anyone have any further info on this, or is it likely due to the recent nature of the 1.6 release? 

Below is the Virustotal scan, and I am waiting on Yomi hunter to finish its analysis. Any suggestions or words of wisdom from the veterans or AV savvy folks out there is greatly appreciated!

Virustotal scan: https://www.virustotal.com/gui/file/fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b/detection

[lightningterror]

They're false positives, it's pretty much out of control. The only way to get rid of them is to submit the files to the AV providers themselves for analyzing.

[arcum42]

Odds are that it's the recompilers it picks up on. Writing assembly to memory and then executing it *is* suspicious behavior... and also the definition of how JIT works.

--arcum42

[pandubz]

Also worth noting we have been battling various antivirus false positives ever since the later stages of the 1.5.0 development series. More or less around the same time that Dolphin started having builds of theirs flagged, shortly after we started noticing PCSX2 getting hit too. Part of this was due to Microsoft changing some things with Defender and AI based detection, but I think there's also just some rather inconvenient timing here. We'd love to get those cleared, but of course, that means getting it submitted, and hoping they actually would review it.

[lightningterror]

Odds are that it's the recompilers it picks up on. Writing assembly to memory and then executing it *is* suspicious behavior... and also the definition of how JIT works.

Last ones I remember being detected were spu2-x and gsdx (sse2 to be precise).

[JuMPP]

Awesome! Thank you so much everyone for your time and responses. I really appreciate the explanation and feel way more secure about the incorrectly flagged potential risks above. Security has always been an intimidating field for me, where a detected risk seems like a bottomless hole you cant comprehend without going line by line through source code, but people like all y'all make it that much easier to comprehend and enjoy wonderful projects/products like this, conscious free.