Virus Detection Software flagged Triple A as ransomware
-
My virus detection software flagged Triple A as ransomware. While I suppose it is possible that some malicious code entered the most recent 32-bit install file, I am hopeful that the virus protection software is confusing the game with the Triple A virus. Is this a known issue? Other than not installing it, is there a way around it (so that the program will not get flagged)? Such as, possibly, renaming something or other so that the virus detection does not assume it is ransomware?
-
I did some more digging on this, and it turns out that Triple A was flagged because the antivirus software did not recognize what "classification" of software Triple A was, so it defaulted to ransomware. Is there a way to add a software "classification" without white listing the program? I am not an antivirus expert by any means, but I have done some software development, so I will be working on this on my own, as well.
-
Assuming the application, is not really infected, which it probably isn't. You should be able to exclude TripleA.exe and maybe the jar files in the program folder from being viewed as threats in real time scanning.
Scope out your security software for this setting.
-
@slipeternal The problem is most likely that the installer isn't "signed" with a trusted cert so some anti-viruses flag it as potentially harmful. We are looking to see if we can address this but it isn't an easy fix.
-
@redrum thank you for looking into it! That makes a lot of sense. I was looking to install it on my work computer, which flagged it as ransomware. I do not want to tell IT that I am installing a game, so I am not going to ask IT to white list the installer in the antivirus program. But, if I simply delete the installer after I install the program, will it avoid getting flagged?
-
Most Anti Virus Programs programs provide a way to "ignore" such alerts, or disable it temporarily, but I would be really careful with that.
I'd suggest to check your binary on https://virustotal.com first and follow our guide to verify the integrity of any binaries here first, given that I can't think of a ransomware false positive incident before.
Renaming your file is not going to change anything (this would make it far too easy for actual malware to trick the Anti viruses).
If you need any more help, please let me know. -
I really should have read all the replies...
Anyways, to follow up on @redrum's reply:
We are currently trying to obtain such a code signing Certificate, but it's really hard to get get one if you are not a registered company, so probably not going to happen soon unless someone wants to hold liable with their private address made public on triplea binaries.
Sorry about that.
