Comments (8)
I notice that many anti-virus scanners detect the ACR v2.18.2 Windows client executable as a virus. When I download the release, I see Windows Defender detects it as TrojanDropper:Win32/OverJoiner!rfn. It's either a lot of false positives, or GitHub's hosted runner environment was compromised.
Unlike previous releases, where I compiled the binaries manually, the v2.18.2 executables were compiled in GitHub Actions (https://github.com/acreloaded/acr/actions/runs/470292606). GitHub's machines run the workflow file and generate the release.
I have submitted a support request to GitHub about the potential security issue. Until this is resolved, I recommend compiling the source code yourself.
I just compiled my own executable (acr_client.zip), and Windows Defender shows it as clean. It seems like there are some false positives, but not like 50% detecting it as a virus: https://www.virustotal.com/gui/file/225b98ffa65d1387350bc6928db695be05f6e0156a9b3fdcf058e4de84fc8391
from acr.
Installed through choco, detected as Trojan but different name.
I just compiled my own executable (acr_client.zip), and Windows Defender shows it as clean.
This one detects as Ymacco.AA22, I guess it's GitHub.
from acr.
I'm currently running a hybrid analysis on it. Avast blocked it. Firefox blocked it, and nearly half of the VirusTotal results marked it as malicious. Something isn't right here...
I haven't tried to compile it myself though.
from acr.
Here are the results of the Hybrid Analysis:
from acr.
Hello, I downloaded ACR yesterday, without reading that issue, sadly.
Defender warned me (TrojanDropper:Win32/OverJoiner!rfn), and I manually deleted all the files. Do you think I risk something? I'm a bit worried about my PC... and thus my internet accounts.
Any suggestion or help? Thanks in advance :/
from acr.
As mentioned before, compile ACR yourself if you do not trust the executables created by GitHub's machines.
It is possible that there is something in the ACR code that anti-virus software does not like. For example, bugs that cause memory overreads or corruption would possibly trigger detections. If we can find and fix those issues, it would help to resolve this.
I don't have time to investigate right now, but if someone finds and reports what's causing the detections, I can make the fixes and release a new version.
from acr.
Could this possibly be related to it using registry keys and services for the server?
Hybrid Analysis says that it imports suspicious APIs, namely:
RegCloseKey
StartServiceCtrlDispatcherA
RegOpenKeyExA
GetDriveTypeW
GetFileAttributesA
UnhandledExceptionFilter
WriteFile
GetModuleFileNameW
IsDebuggerPresent
LoadLibraryExW
CreateThread
ExitThread
TerminateProcess
Some of which I don't see why AssaultCube uses, like the registry-related ones. Maybe they are for saving the resolution and game settings?
Hope this helps,
Levi
from acr.
@kabeeki AssaultCube and AssaultCube Reloaded both read the registry:
https://github.com/acreloaded/acr/blob/v2.18.2/source/src/stream.cpp#L147-L170
https://github.com/assaultcube/AC/blob/v1.3.0.2/source/src/stream.cpp#L151-L174
AC and ACR use the registry to substitute ?MYDOCUMENTS? with the My Documents folder path. Also, ACR uses the registry to read MachineGuid to get a unique machine ID.
from acr.
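One way to check the question raised above: which DLLs the flagged API names are imported from, and whether the GitHub-built executable imports anything a self-compiled one does not. This is an added example, not code from the thread or from ACR; it reads the PE import table with Python's standard library only, and the function names and the two-file command line are this example's own.

```python
# Added example: pe_imports/extra_imports are illustrative names, not ACR code.
import struct
import sys

def _off(sections, rva):  # RVA -> file offset via the section table
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {dll name, lower-cased: set of imported names} for a PE32/PE32+ file."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    imp_rva, = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]
    width, fmt, ord_bit = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    imports = {}
    desc = _off(sections, imp_rva) if imp_rva else None
    while desc is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<5I", data, desc)
        if not (ilt or name_rva or iat):
            break  # an all-zero descriptor terminates the table
        names, thunk = set(), _off(sections, ilt or iat)
        while (value := struct.unpack_from(fmt, data, thunk)[0]):
            if value & ord_bit:
                names.add(f"ordinal#{value & 0xFFFF}")
            else:  # hint/name entry: 2-byte hint, then the ASCII name
                names.add(_cstr(data, _off(sections, value & 0x7FFFFFFF) + 2))
            thunk += width
        imports.setdefault(_cstr(data, _off(sections, name_rva)).lower(), set()).update(names)
        desc += 20
    return imports

def extra_imports(release, local):
    """Imports present in the release build but absent from a self-compiled one."""
    mine = pe_imports(local)
    return {dll: sorted(fns - mine.get(dll, set()))
            for dll, fns in pe_imports(release).items() if fns - mine.get(dll, set())}

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py release.exe local.exe
    print(extra_imports(open(sys.argv[1], "rb").read(), open(sys.argv[2], "rb").read()))
```

A non-empty result is a starting point for review, not a verdict: a different compiler or runtime library also changes the import set.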