Fallout 2 utility ProtoManager virus?

Discussion in 'Fallout General Modding' started by QuantumApprentice, Jun 21, 2021.

  1. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    https://www.nma-fallout.com/resources/fallout-2-proto-manager.73/
    https://github.com/FakelsHub/F2_ProtoManager/

    I've been getting a couple of reports from viewers that the Fallout 2 Proto Manager is setting off their antivirus software. Because it's not setting off mine (Avira), I've just been asking them to report it to the GitHub with details about the detection.
    One viewer suggested VirusTotal as a way to tell if it's really a virus. Apparently VirusTotal is a website that will scan executables and compare the results to some 60 different antivirus programs.
    I'm unsure how to read this though, and I'd like some feedback from anybody willing to look.
    https://www.virustotal.com/gui/file...22a4b45b668d525471abda54b303dd34088/detection

    I've also contributed a new issue to the GitHub with this information just in case they don't hang out in this forum :) .
    Original discussion here:
    Code:
    https://youtu.be/vCPc1gxPtKk
     
    Last edited: Jun 21, 2021
  2. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
  3. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    Thanks for the link, navigating GitHub is still new to me.
    Also I added a link to the VirusTotal report, sorry I missed it when creating this post earlier.

    I've read that it's possible to offer files to antivirus software companies to be scanned to verify they don't contain viruses and possibly remove the false positive flags:
    "To be fair most AV vendors have Web sites to submit false positives"
    (https://weblog.west-wind.com/posts/2016/oct/05/dealing-with-antivirus-false-positives).
    Do you, or anybody reading this, have any experience with this? If so, could you explain how to do this?
     
  4. Mr.Stalin

    Mr.Stalin Mildly Dipped

    529
    Oct 29, 2015
    NOD has fixed its virus database; ProtoManager.exe is now not detected as a threat.

    For other antivirus products:
    You should personally contact the manufacturer of your antivirus and ask them to fix the virus database.
     
    Last edited: Jul 28, 2021
  5. Nifty

    Nifty First time out of the vault

    2
    Mar 4, 2022
    Hey, I’m a viewer of your channel and I can’t find the Proto Manager, please help.
     
  6. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    It was removed because evil westerners aren't allowed to use it.

    Anyways, find the latest version here.
     
  7. Nifty

    Nifty First time out of the vault

    2
    Mar 4, 2022
    Thank you
     
  8. .Pixote.

    .Pixote. Antediluvian as Feck
    Modder

    Sep 14, 2009
    What's the story?
     
  9. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    It started here. Not going to comment on it anymore, it's just a waste of time.
     
  10. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    Yeah, sorry, I'll update the link, but no promises on whether or not it doesn't actually have a virus, given recent events.
     
  11. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    It doesn't have a virus ....
     
  12. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    I was under that impression too, given that it was open source (until recently).
    Would you happen to know what was setting off the anti-virus software?
    I have limited experience making programs, but I've had one C# GUI interface set off my antivirus when I added an open file dialogue.
     
  13. Forgotten Knight

    Forgotten Knight Time traveler stuck in time... Modder

    116
    May 24, 2006
    I've had the same issue with Win10 Defender; it kept deleting the app on a regular basis after Windows loads. I restored it/added an exception, but after a day or so it went back to quarantine. It's mutating and got detected as another variant, sounds familiar alright :) Now I just use the app inside the virtual matrix where the agents can't reach :) This is my experience with the only trilogy I recognize.
     
  14. hexer

    hexer It's PJ! Modder

    437
    Dec 7, 2013
    I compiled the binary from the source and it was still reporting as a virus. Have no idea what's going on, didn't dig further into it. It's possible that it has some CVE/insecurely written code triggering AVs.
     
  15. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    I believe you when you say there's no virus, but I don't know enough to make counterarguments for what VirusTotal shows. This one definitely sets off the anti-virus programs, so there probably is some insecure code or something, just wish I knew what.
     

  16. Risewild

    Risewild Antediluvian as Feck
    Modder Orderite

    Jun 14, 2014
    It could be the case of a false positive. A lot of antivirus software these days tags certain files and software as a danger because it tries to "detect threats before they exist"; more and more files and software that are safe keep being falsely tagged as dangerous these days.

    I started to call antivirus that does this "paranoid software". Some antivirus even breaks the installation of TTW (a massive FNV modding project) because it tags some files and behaviour of the installer as a threat. And I can personally guarantee that there's nothing malicious in our installer.
     
  17. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    Yeah, it probably is a false positive, but when 39 out of 69 anti-virus programs ping it on VirusTotal, it looks less and less likely.

    If you've had experience where antivirus software has false flagged a program you've worked on, did you determine which section of code was causing the false positive?
    What steps did you take to figure that out?
    And why hasn't something similar been done for ProtoManager?

    Either way, I've had people asking me why there's a virus, and prior to this I've simply said it's open source and I don't believe the modders would put one in. I no longer feel comfortable saying that, and would rather have a better understanding of why it's tripping that many anti-virus programs' alarms.
     
  18. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    The source is available, someone can just look it up ... The software has already been reported as a false positive for a long time. Don't know why it's suddenly such a big deal.
     
  19. kokeeby

    kokeeby First time out of the vault

    49
    Jul 4, 2019
    Just for posterity's sake, has anyone cloned the repository?
     
  20. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    There are backups of all the files, yes.
     