Heuristic scans aren't actually based on virus snippets or definitions; they are looking at things like Windows API calls, accessed directories, etc., to try to determine if anything looks "suspicious"--depending on how it's coded, just patching an exe file can be flagged as "suspicious".
I'm not accusing Avira (not familiar with it or the company that makes it), but some anti-virus programs at least used to intentionally over-flag files based on heuristics--naïve users would try a new anti-virus program, it would flag more things than their previous one, so they would assume it was better and the old one was missing viruses.
Avira reviews do mention an inordinate amount of false positives, though. In one case, someone compiled this C program in VS:
#include <stdio.h>
void main() {
    char a = 'a';
    printf("Hello world %c\n", a);
}
and Avira flagged it as "HEUR/APC threat".
Whitelisting is the way to go--but if they use a hash for the whitelist, might have to do it again on a future build. Or it may have been a bug in Avira they've fixed.
Hot posts in thread: Virus detection
Update
While the application took longer than normal to initialize, as well as installation, (possibly due to automatic updates going on at the same time and taking up resources), 1.3.4 did not trigger a virus detection from Avira. Thought you might like to know.
Well, can't hurt to submit the executable to Avira's false positive submission form. Thanks for reporting this.
I got around it obviously... but it's just a bad look for ISG. If you can do anything to resolve it, that would be helpful to you.
Nothing has changed in the build process for the Humble/Itchio DRM-free build, or for any other build for that matter. Don't know why your anti-virus has decided to pick up on the executable now. Which DRM-free version did you last play without having the warning from your anti-virus? Was it 1.3.2, or was 1.3.3 the first 1.3.x DRM-free version you played since 1.2.4?
For the first time ever, Avira is picking up your executable as a virus.
More than that, I could not delete the folder after I installed as it required administrator permission... which I am.
I had to let Avira quarantine the executable before I could delete the files.
What happened? How come 1.3.3 is the first version where the executable is being detected as malware?