Search Unity

Unity producing Malware under Windows10?

Discussion in 'Windows' started by Stefan-Laubenberger, Aug 2, 2016.

  1. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Hi there

    I know it's a slightly provoking title, but since 5.3.6 (and with the current version 5.4.0) I get problems with the Windows standalone-builds.
    The Windows Defender flags the Exe as "Trojan:Win32/Maltule.C!cl" and suggest to delete the file... I tested the exe with "Metadefender.com" and no problem was found. Sometimes it worked - until MS updated the signature files.

    This is very bad - does anybody experience the same behaviour?
    Does Unity and Microsoft talk to each other?


    upload_2016-8-2_23-41-3.png

    upload_2016-8-2_23-41-33.png


    Cheers
    Stefan
     
  2. Tomas1856

    Tomas1856

    Unity Technologies

    Joined:
    Sep 21, 2012
    Posts:
    1,919
    Hi,

    yes, we talk to Microsoft often. But we haven't heard about this problem. Does Windows Defender flags exe after you export it from Unity, or does it flag it in Unity installation folder?
     
  3. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Hi Thomas

    I made a demo from one of our assets and use it on our other PC's, where it's (sometimes) flagged:

    http://www.crosstales.com/en/assets/radio/Radio_demo.zip

    But only the "Radio.exe" is flagged, no other files on the whole PC. I think it's nearly impossible that we really have malware on our systems.
    I'm 99.99% sure it's a false-positive from WD and it's not accurate - sometimes it detect it as "malware", sometimes everything is absolutely fine... Probably you could talk to MS an try to clarify this.

    Thank you!


    So long,
    Stefan
     
  4. Tomas1856

    Tomas1856

    Unity Technologies

    Joined:
    Sep 21, 2012
    Posts:
    1,919
    I scanned your package with Windows Defender on my PC, and it said everything was green.

    Can you go to <UnityInstallationPath>Editor\Data\PlaybackEngines\WindowsStandaloneSupport\Variations and see if those files are marked as "malware".

    Also, I am slightly confused, you say it's sometimes flagged as malware? Executable is always the same per Unity version, so it's a bit strange.
     
  5. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Hello again

    No, those files aren't flagged...
    I'm aware of the same exe per Unity-version and yes this is a strange problem!

    I'm currently working only on Radio, so I can't confirm it for other builds. I'm suspecting one of the last Windows-update (security strengthenig) to cause these problems.
    I have no idea how WD comes across such problems. But I found others having the same issue:

    http://disq.us/p/1ag7kij

    My main concern is that customers are scared away by our demo because it looks like malware to them:(
     
  6. ladyonthemoon

    ladyonthemoon

    Joined:
    Jun 29, 2015
    Posts:
    236
    Hi,

    Just in case, did you try renaming the exe and run WD afterwards?
     
  7. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Thank you for your input and I tried this before, but it didn't help. o_O
     
  8. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    I tried it on 4 different PC's and now there is no detection...

    I know it sounds silly, but I had this before (since ca. 2 weeks) and I suspect it to happen again.
    As I said, I blame WD for this behaviour, but it's still a problem.
    I don't know how Unity informs Microsoft about their "Standalone"-exe, but it would be nice if they could send e.g. a hashcode of the exe's to be excluded (or approved) inside WD.
     
  9. J_P_

    J_P_

    Joined:
    Jan 9, 2010
    Posts:
    1,021
    I've had this problem with some users too (I haven't been able to reproduce myself). So far just my game's launcher though, not the game itself (both made in unity, both from same project -- just different scenes). Any workarounds found? I'm using 5.2.2f.

    Not all users are affected. Has happened on Windows 7 and Windows 10.
     
    Last edited: Aug 4, 2016
  10. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Unfortunately I didn't found a workaround (and I think there is none).
    This is imho out-of-our-hands and must be (permanently) solved by Unity and MS (and any other major "Malware"-protector like Symantec etc.).
    In my opinion, Unity has to make sure that their Standalone-exes (from all versions) are on a white-list on all major scanners. Probably it would also help if every exe would be properly signed...
     
  11. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    We cannot sign standalone executables: if you modify the executable at all, like change the icon, the signature is void. And I don't imagine many people ship games using default Unity icon.

    I'll reach out to Microsoft and bring this issue up.
     
    Stefan-Laubenberger likes this.
  12. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    Thank you, that's great!
     
  13. DIllonJ93

    DIllonJ93

    Joined:
    Aug 3, 2013
    Posts:
    2
    Hey, I just wanted to chime in and say that I'm having the same exact problem building out my game from Unity 5.3.6f1. I've had some customers complaining, it would be amazing to figure this out fairly soon.
     
  14. Flarup

    Flarup

    Joined:
    Jan 7, 2010
    Posts:
    83
    I had the problem yesterday as well (using Unity 5.3.4f1 on Windows 10). However, my Windows Defender definitions were updated this morning, and now the problem seems to be gone.
     
  15. DIllonJ93

    DIllonJ93

    Joined:
    Aug 3, 2013
    Posts:
    2
    I manually updated my Windows Defender definitions and this fixed the issue. Hopefully it's auto-updated or something of the like. Thank you for confirming this as a fix!
     
  16. Stefan-Laubenberger

    Stefan-Laubenberger

    Joined:
    May 25, 2014
    Posts:
    1,252
    I hope Unity confirms soon a permanent solution...

    I have this problem since a month - sometimes WD detects malware, sometimes it doesn't (e.g. after updating the definitions).
    This must solved by MS and Unity! We can't afford the hassle it causes for our customers (despite the loss of OUR reputation).
     
  17. RawFury

    RawFury

    Joined:
    Aug 11, 2016
    Posts:
    2
    We currently have hundreds of users that bought our game getting this issue. Has anyone found a fix, or is this more of the running issues every time Unity release a final version? If we weren't always forced to upgrade by 1st party platforms I'd never upgrade the engine ever again! The poor testing of engine versions has now impacted our games reputation and possible sales. And I can say 100% we haven't done anything different to our game builds than before, this issue is specific to us upgrading to 5.3.6f1. What's most troubling to me is the lack of responsibility I see from Unity in this thread. It is an issue, and it is due to the engine. Just look at our forums, we had to make a thread specifically for this and that is unacceptable: http://steamcommunity.com/app/496300/discussions/1/360671984100616395/
     
    Last edited: Aug 22, 2016
    Stefan-Laubenberger likes this.
  18. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    We have contacted Microsoft on this issue - that's about everything we can do about it. I can also guarantee that it is a false positive: Unity player is definitely not malware.
     
  19. NerdClown

    NerdClown

    Joined:
    Oct 9, 2015
    Posts:
    1
    Seems to happen on Win7 + Security Essentials as well. Oddly enough it seems to only happen on one out of two machines though - both running Win7 and using Security Essentials with updated definitions.

    Building with Unity 5.3.6f1.
     
  20. JTJonesHH

    JTJonesHH

    Joined:
    Nov 5, 2013
    Posts:
    2
    Yep, we are seeing the same thing. All on up-to-date Windows 10 machines with current (as of 11 Aug) spyware/virus definitions, and we are running builds from Unity 5.3.6f1.
     
  21. RawFury

    RawFury

    Joined:
    Aug 11, 2016
    Posts:
    2
    Sorry, that's not good enough! You need to fix this, and fix it with them yesterday. It's embarrassing and ridiculous we have top waste time covering for this issue and asking people to make exceptions in their security.

    I dread moving to 5.4, and I don't say this to be dramatic, I'm telling you so you know how we feel about working with Unity currently. We did feel like this a year ago. I really hope things improve over there.
     
  22. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    And how do you suppose we do it? It's not like we can magically change something in our code and Windows defender will stop flagging it. Be reasonable. I have already asked Microsoft to look into this.

    To folks that are seeing this behaviour: can you show screenshots of what Windows Defender really says about the executables? Also, are you signing them with a certificate after building from Unity?
     
  23. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    Alright folks, I heard back from Microsoft today. They are eager to help, but they need a build of your game that windows defender flags as malware. Those who are facing this issue, please email me your built game (there's no need for Unity project, just the final game) to zilys@unity3d.com. If it's large, you may strip it of all files except ".exe" and ".dll" files. If you do send me an email, please also include a screenshot of Windows defender flagging it with details shown.
     
  24. J_P_

    J_P_

    Joined:
    Jan 9, 2010
    Posts:
    1,021
    Just had someone playing for a minute or so, then windows defender deleted the exe... didn't get a chance to get screenshot from them. Are you guys using unity analytics in your builds?
     
  25. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    You should be able to see detection history here:
    upload_2016-8-24_8-9-19.png
     
  26. KCAR

    KCAR

    Joined:
    Oct 20, 2013
    Posts:
    4
    As of September 5, 2016. My playtesters are reporting the same thing.
    Trojan.jpg
     
  27. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    ^
    Can you email me with all the information you have and a copy of your game executables?
     
  28. le_duke

    le_duke

    Joined:
    Aug 30, 2011
    Posts:
    45
    Hi,
    We noticed the same issue today.
    Just sent you an email with the informations.
     
  29. JohannSig

    JohannSig

    Joined:
    Mar 2, 2014
    Posts:
    1
    Hi, I can confirm that we are getting the same malware flags on-again off-again when running the client from a standalone build executable. What's the news on the issue?

    We have an upcoming closed test of our game in 2 weeks and it could tarnish our professional reputation if testers get malware warnings when running our client.
     
  30. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    The news are the same thing I said a few posts up. You need to send your game executables and a detection screenshot to my email. I'll then be forwarding that to my contacts at Microsoft who will take care of it.
     
  31. jamnoon

    jamnoon

    Joined:
    Mar 10, 2016
    Posts:
    4
    Hi all,

    I think this is the same issue as on this thread:

    http://forum.unity3d.com/threads/ad...s-build-to-hang-on-start.370227/#post-2687475

    I feel sure it is something to do with adding a custom icon. When I build with no icon, the game launches fine. If I build with a custom icon, WD pops up whenever I open the game folder.

    Maybe someone else can confirm whether building without an icon works-around the problem?

    Edit: I noticed Tautvydas-Zilys mentioned icons and security signatures earlier in the thread so perhaps this is already known.
     
  32. SMG-Studio

    SMG-Studio

    Joined:
    Aug 27, 2013
    Posts:
    3
    flagging ourselves for updates on this thread as this issue is also happening to us. going to try the 'no custom icon' & will report back.
     
  33. PortableMoose

    PortableMoose

    Joined:
    Dec 8, 2013
    Posts:
    21
    I wish I would have known about this issue sooner, I never experienced it on my own or even with my testers. But once I put my game out there and launched an indieGoGo campaign, I started getting feedback about the "maleware" warnings. :/ hope there is a solution soon!

    Has anyone had any luck with removing the custom icon?

    Email sent.
     
  34. SpacePilot1000

    SpacePilot1000

    Joined:
    Dec 23, 2013
    Posts:
    7
    Our team has started encountering this problem as of today (Nov 1st 2016). We are running Unity 5.4.1f1 on Windows 10.

    The problem is exactly the same as described by others in this thread. I built our game this morning and when I tried running the freshly created executable, Windows Defender flagged it as malware.

    Our game has been in early access on Steam (http://store.steampowered.com/app/479020/) for several months and this is the first time we've run into the issue.

    I've e-mailed all relevant information as specified earlier in this thread.

    Any help is definitely appreciated!
     
  35. Unitology

    Unitology

    Joined:
    Jul 30, 2013
    Posts:
    5
    We just got hit with it, too, also in a build made 1/1/2016. Could it be that MS undid a fix they had previously made to their virus definitions?

     
  36. SpacePilot1000

    SpacePilot1000

    Joined:
    Dec 23, 2013
    Posts:
    7
    Just a quick update - we tried removing our custom icon and using the default Unity icon and that works. Windows Defender doesn't complain about that version of the executable.

    Obviously it's not an ideal solution, it looks a little unprofessional to not have an icon, but it does provide a temporary workaround.
     
  37. joewheats

    joewheats

    Joined:
    Aug 21, 2014
    Posts:
    1
    Bump - having the same issue!

    Just upgraded a project from Unity version 4.x to version 5.x and Windows Defender is removing the .exe every time its built.
    I just tried changing the logo from our custom one to the default Unity logo and it still flags it as malware.

    Anyone got any other ideas for fix even if its a temporary hack?
     
  38. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    I wrote what you need to do: email me the binaries, which I will then pass onto my contacts at Microsoft and they'll fix it. However, it has to be done on case to case basis now - they're still investigating the root issue - and before they do that, they'll have to whitelist individual games.
     
  39. coltsith

    coltsith

    Joined:
    Jul 1, 2013
    Posts:
    1
    Hi Tautvydas, just emailed you with our details and game exe. Thanks!
     
  40. murkantilism

    murkantilism

    Joined:
    Apr 30, 2012
    Posts:
    21
    I've also submitted a report to your email, thank you for taking point on this issue and communicating with MS on our behalf. Don't mind all the wankers demanding you magically fix things "yesterday", we appreciate your efforts.

    Only one Windows 10 beta tester for our game has found this issue, and only reports it for the x86 build (x64 bit has no issues).
     
  41. mgc90403

    mgc90403

    Joined:
    Dec 24, 2013
    Posts:
    20
    I'm having this problem now with a simple test build. We can't possibly be expected to send literally every test build we do to you guys to validate...?? We'll never get anything done!
     
  42. mgc90403

    mgc90403

    Joined:
    Dec 24, 2013
    Posts:
    20
    Even after turning off windows defender, I'm now unable to compile a test app - I'm getting this error:
    malwareIssue.jpg
     
  43. bbvrdev

    bbvrdev

    Joined:
    Aug 11, 2009
    Posts:
    221
    This just started happening to me today. Builds now get instantly deleted by Windows Defender as malware, and it seems to have worsened to the "moving file failed" error.
     
  44. smoothtrooper16

    smoothtrooper16

    Joined:
    Jan 20, 2017
    Posts:
    5
    Bump for visibility. I'm having the same issue as mgc90403, unable to make any builds, starting this morning. The error persists even if I disable windows defender. Using unity 5.5.0f3. Unity staff, we really need your help here.
     

    Attached Files:

  45. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    Could you show the original defender detection screenshot? It should still be in your detection history.
     
  46. smoothtrooper16

    smoothtrooper16

    Joined:
    Jan 20, 2017
    Posts:
    5
    From the event log: Unity_Defender.PNG
     
  47. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    Which exact Unity version are you on? Can you type "dir *.exe /s" in a command prompt under "<UnityInstallationDir>\Editor\Data\PlaybackEngines\windowsstandalonesupport\Variations" and paste the output? Have you had any detections that detect "player_win.exe" directly, rather than the one named after your game?
     
  48. smoothtrooper16

    smoothtrooper16

    Joined:
    Jan 20, 2017
    Posts:
    5
    No, only detections that mention the game, never "player_win.exe" directly.

    Here's the command prompt output: Unity Dir.PNG
     
  49. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    6,364
    Which exact Unity version is that list from?
     
  50. smoothtrooper16

    smoothtrooper16

    Joined:
    Jan 20, 2017
    Posts:
    5
    I am using Unity 5.5.0f3.