Search Unity

Unity standalone build triggers McAfee malware detection

Discussion in 'Windows' started by andre_belz_SEW, Dec 11, 2018.

  1. andre_belz_SEW

    andre_belz_SEW

    Joined:
    Feb 19, 2016
    Posts:
    2
    Hello,

    I am running into a problem when I try to build a project for windows standalone. The build process stops and I get errors in the console output ("...IMGUIModule.dll could not be opened/found..."). Also when I run an existing build, the McAfee malware scanner pops up and tells me that some dll-files have been deleted (because they are evil). Then the program doesn't work anymore of course. I guess our corporate McAfee database got an update over the weekend and now detects this stuff (the setting that the files are directly deleted are managed by an admin, not under my control).

    I have been using Unity2018.1. Now I installed the latest 2018.2 and it seems to work. I can build again and run the .exe that was built. (Strangely I had to install it two times. After the first installation McAfee deleted the files again. After the second time it didn't. Also manually scanning the files works without a detection.)

    Is there anything known about this problem? I can reproduce the problem on my colleagues PCs. Its only a matter of time, when customers will report this to us...

    Any official statement on this? Will I run into this problem with newer versions of Unity again? I found old forum topics etc. about this but nothing from 2018...



    Best Regards André
     
    andre_belz_SEW, Dec 11, 2018
    #1

  2. josep_unity

    josep_unity

    Unity Technologies

    Joined:
    Sep 14, 2017
    Posts:
    3
    Hello André,

    Let me clarify your questions.

    Certainly we know about it as this has happened before and we are monitoring the situation. Actually, this is a problem any software development environment is exposed to as Anti-virus detections are known to be more aggressive and have False Positives specially with unseen, unsigned, new binaries such as those part of the build process.

    We are aware of the problem and we will take further action by adding documentation and guidance, and looking for more generic solutions together with the Anti-virus vendors.

    Yes, it is possible. How likely will depend on how effective the Anti-virus vendors can fix this problem based on our input and options. And let me state, this problem can happen with any binary at any time, Unity or other as it relies on the Anti-virus detection logic.

    Now, how do you fix the problem you stated. We have three options.

    First, share with us the file names and the SHA-1 of the detected Unity binaries so we can uniquely identify them and submit those to McAfee as False Positives.

    Second, if this issue blocks your development. You may exclude the folders where those files are detected from the Anti-virus scanner. However, this can potentially reduce your protection, hence assume it as a short-term fix only and remove the exclusion later on once the problem does not reproduce.

    Third, if you feel uncertain this would actually be a real malware infection. You may submit these files directly from your system to McAfee as False Positives https://kc.mcafee.com/corporate/index?page=content&id=KB85567 . Taking into account those files should not be private, sensitive or under any special NDA as it will be shared with a third party for analysis, the Anti-virus vendor.
     
    josep_unity, Dec 19, 2018
    #2

  3. andre_belz_SEW

    andre_belz_SEW

    Joined:
    Feb 19, 2016
    Posts:
    2
    Thanks for your detailed reply/ statement.
    Since with a newer version of unity it doesn't trigger anymore, I think we don't need to investigate this case further.
     
    andre_belz_SEW, Jan 11, 2019
    #3