Forums ePic Character Generator Technical Discussion Bug Report Antivirus identified the software as false-positive

Viewing 15 posts - 1 through 15 (of 19 total)
  • Author
    Posts
  • #31217
    sojournstar
    Participant

    I went to open my epic software, it login fine, it started to go thru the steps, and download the new version (I just claimed and started to download the new Lady sitting…. and then all of a sudden my pc shut the program down, and This appeared

    #31218
    sojournstar
    Participant

    I am afraid to try again…. please fix this and upload a clean version.

    #31221
    LBandy
    Keymaster

    Hi sojournstar,

    Thanks for reporting this, I’m sorry to hear about the issue!

    As always, both the installer and the executable are safe, and don’t contain any malicious code. Usually, when a new version is published, most cyber-security applications need to build up some rapport with the app, so they can be considered safe. Since the software does have a networking module, that’s necessary for the downloads and logins, it’s usually deemed as a security vulnerability.

    I’m on good terms with most AV providers and have our apps whitelisted with them, but I’ve never heard of NortonLifeLock before. 🙂 So as usual, I’ll reach out to them and ask them to examine the software and if they don’t find anything suspicious, add it to their whitelist so you won’t get these annoying notifications. This can usually take a few weeks, so if you still wanted to continue using the software in the meantime, you can always allow it and add it to your personal whitelist.

    I hope this helps.

    #31226
    sojournstar
    Participant

    but it says it’s a trojan calling it by name, it doesn’t say it blocked something suspicious

    the trojan is real, where it tried to come from is the question, here is some info for you

    https://community.norton.com/en/forums/trojangen2-11

    https://www.enigmasoftware.com/trojangen2-removal/

     

    #31227
    LBandy
    Keymaster

    The way AV software work is that they store how specific malicious software looked like, and then use these samples divided into chunks and compare that to new software you are installing to see if it’s potentially harmful. They can’t let the software run, and see if it’s harmful, and also can’t simply rely on known data (like dll names, or registry entries), as these programs often change.

    ePic Character Generator uses cURL, it’s a c++ networking library, to communicate with the server and also to download files, if needed. If any other Trojan is built using this library, they’ll have a 20-30% match with said Trojan. Since our executable is relatively new (the latest patch is only 1 week old), not digitally signed, and has been unpacked from a zip file, and not directly downloaded from a known domain, it’s understandable that your AV has a very low-risk tolerance in this case, and marks it potentially dangerous file. It’s the usual procedure, but some are less picky than others.

    As I said, the software is not a trojan – never been, never will be – and also not infected by anything. You can give it a try and download the installer from the site, since it’ll come from a trusted domain, and will be installed via an installer, and not unpacked from a zip, it might work better. If that still doesn’t work, and you don’t want to risk a personal whitelist, you’ll have to wait until they examine the exe and add it to their trusted list.

    I hope this helps, but let me know if you still have concerns. 🙂

    #31228
    sojournstar
    Participant

    well, since I did not understand much of what you said in that last part,

    I guess I will wait a bit and see if you get a response from them.

    If not, I will try and come back and jingle you up again.

    Please let me know when there is any further update

    As mentioned before, this is a very old laptop, and I can not risk infecting it at this age,

    just like a human senior 😉

     

    #31232
    LBandy
    Keymaster

    You can still try and download the installer from the site and see if that works. You don’t need to uninstall or anything, just get the new one and run it. It might work in the meantime.

    #31247
    sojournstar
    Participant

    Hon, I’m confused.

    What installer, do you mean the free one, or is there a place for me to downoad the paid version again. Sorry to be so dense, but I have had a really frustrating and exhausting few months, and have had a series of things go wrong and haywire on me. My brain has now turned to mush, most likely in retaliation. I simply can’t comprehend much more confusion…. one after another…..

    I did discover trying to pull the software up again earlier, that I now get a pop up stating not found, so I am really confused now, and not sure what is happening … see screen image

     

    without knowing what the heck is going on, maybe the exe file somehow got deleted when my virus program closed it

    #31248
    LBandy
    Keymaster

    Yup, it’s a standard procedure of AV software to delete any malicious executable. That’s why I said you can give it a go by installing it again and whitelisting yourself, otherwise, you are locked out of using the software while they whitelist it (you still need to install it again afterward though).

    There are no separate free and paid versions, btw. It’s only one installer and the software unlocks features based on what packages you own. So downloading the installer from https://overheadgames.com/epic-character-generator/ will get you the same version you always used.

    #31252
    daniel-arnold
    Participant

    According to this, “Trojan.Gen.2.” does not identify a specific virus- it’s simply a generic tag Norton uses to flag a file it believes will behave like a Trojan.

    What parameters Norton uses to make this determination and how it classifies these determinations I really don’t know but, from what I understand anyway, the designation “Trojan.Gen.2” is simply one of Norton’s ways of saying “we think this file is acting like a Trojan. We don’t know, but we’ve quarantined the file anyway out of caution”.

    For me- because Avast also flagged the program incorrectly- since I trust LBandy and Overhead Games, I simply told Avast to whitelist the program and everything’s been fine.

    #31253
    sojournstar
    Participant

    This is so weird, I have had no trouble at all with any of these games or with the software until I tried to log in while it was installing the newest character of the Lady that was just put out.Why all of a sudden now. I will have to try later, as I just saw this and its the middle of the night here.

    If I have any problems I will be asking for more help

    #31254
    LBandy
    Keymaster

    daniel-arnold did Avast flag it recently, or was it a while ago? I’m just asking as if it was the recent update, I’ll get a whitelist from them too.

    sojournstar the reason it just got alerted recently is that the last update to the executable was last summer, and as the software ages, it passively builds trust by not doing any harmful activities. I also got a range of whitelists for the previous version, so that could also play a role. When a new executable is built it always starts from zero, so it either needs to be whitelisted, or build trust over time.

    The reason you are not seeing alerts for other games can be caused by multiple reasons. They don’t get unpacked from a self-contained auto-updater. They don’t contain a networking module. If they do, they use a different library. They have been built a while ago. They got whitelisted before they’ve been released. And the list goes on. It’s really standard procedure here, and if you check the forums there were several similar reports over the years. 🙂

    On the other hand, I submitted the executable for whitelisting to Norton, so it’s just a matter of time until they got that whitelisted.

    #31255
    daniel-arnold
    Participant

    “daniel-arnold did Avast flag it recently, or was it a while ago? I’m just asking as if it was the recent update, I’ll get a whitelist from them too.”

    It happened when I tried to export a character for the first time after it installed the last update. Avast blocked the export, flagging it as suspicious activity, so I had to tell Avast that the program is legitimate. I have not had any issues since.

    #31256
    LBandy
    Keymaster

    Excellent, thank you! I’ll submit the new executable to them, too.

    #31267
    sojournstar
    Participant

    when I speak of other games I am meaning THIS game, other characters in this game… I don’t play other games on/in this pc, only Epic

Viewing 15 posts - 1 through 15 (of 19 total)
  • You must be logged in to reply to this topic.