Jump to content

False positive in demo of game Death Trash on Steam


talecrafter
 Share

Recommended Posts

Hello.

A false positive was detected in the GameAssembly.dll of the Steam Demo of the game Death Trash.

I'm the developer of the game and not sure what would cause this.
Other variants of our game with slight differences in each GameAssembly.dll, e.g. the full version, seem to get triggered, too.
If it's helpful, I can add upload more variants of the GameAssembly.dll.

- Stephan Hövelbrinks

deathtrash_demo_log.txt GameAssembly.zip

Link to post
Share on other sites

1 hour ago, talecrafter said:

A false positive was detected in the GameAssembly.dll of the Steam Demo of the game Death Trash.

Hi,

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security> Scan option.

This is normally disabled by default.

In either way, Staff will investigate this and get this fixed.

Thanks for reporting!

Please turn off "Use expert system algorithms to identify malicious files” It is located in Settings > Security> Scan option to avoid these detection's

 

Link to post
Share on other sites

Hello. For the demo it seems to be resolved now.

For the main game there's still a false flag. I attached the files here.

Due to the Early Access state of the game we'll be updating the game and the demo every few days. Will each of these have to be whitelisted again?

We have three more binaries in other stores, too, which seem to be affected. I would appreciate a lot if we could find a general solution for this instead of a per binary solution.

deathtrash_log.txt GameAssembly.zip

Link to post
Share on other sites

On 9/3/2021 at 4:04 AM, talecrafter said:

For the main game there's still a false flag. I attached the files here.

Again, Please turn off "Use expert system algorithms to identify malicious files” It is located in Settings > Security> Scan option to avoid these detection's

image.png.e2285caada8959d2a9da7bae1e1753e9.png

Edited by Porthos
Link to post
Share on other sites

3 minutes ago, talecrafter said:

This is not about me having a personal problem on my own computer. This is about customers buying my game on Steam etc. and potentially having that option enabled. I want it to be solved for them, not for myself.

Understood. Staff will be around to whitelist this one as well.

Link to post
Share on other sites

  • 2 months later...

A new version of the game is flagged again. This is the Steam version. I attached the files.

Please tell me how we can fix this situation permanently. We're uploading three different Windows binaries for every game update. We update the game about once per week.
What is causing these warnings? What can I do on my side to fix it?

The current situation is damaging our business. People are returning copies of the game because they think it contains Malware, and people are making forum posts to warn about the game.

deathtrash_log.txt GameAssembly.zip

Link to post
Share on other sites

Further investigation:

Adding the version meta info and digitally signing doesn't make a difference. The GameAssembly.dll still gets detected. (We don't have experience with signing process and didn't buy one yet from a known source, so not 100% sure if this could be considered a full test.)

One interesting observation: As long as the GameAssembly.dll is located in the Applications Folder of Windows ("C:\\Program Files...") it doesn't get detected, but if the file is outside of that it does get detected. So I assume files in the Applications Folder generally just get a pass from the heuristic algorithm? Steam is installed there by the default and also the games it installs. Otherwise we would probably see a lot more of these false flags.

Another test: We created an empty Unity project, set it to the aforementioned IL2CPP workflow, just added a test script and built it, and it also was detected. I attached it here.
So we can at least exclude anything specific in our game triggering these detections.

How do we solve this now?

GameAssembly.zip GameAssemblyResults.txt

Link to post
Share on other sites

  • Staff

There is a fix in the works for the heuristic detections. I dont have an eta at this time but should be within a month at most. Its in testing at the moment.  If you decide to purchase a valid signature that should solve the issue in the future as we can whitelist a valid signature for all validly signed files. 

Link to post
Share on other sites

Thank you for the info update. I appreciate that.

Will have to ponder about purchasing a valid signature. In our case it would just be for fixing this specific case. The general use case of being able for customers to correctly identify the software seems to be mostly needless in our case as the software is downloaded, installed and launched through a trusted client, e.g. the Steam client.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.