
Avast Threat Warning

dudaxan

Member
Hello! Starting today, I'm receiving a "threat warning" from time to time for Gamemaker's executable on the Avast Antivirus. What I'd like to know is whether I should consider it a false positive or not.

This is the warning popup:
2021-05-14_13-43.png


I've never received this kind of warning before. Please let me know how I should proceed.
 

Nocturne

Friendly Tyrant
Forum Staff
Admin
I don't use Avast so I haven't seen this error... My recommendation would be to uninstall GameMaker completely, then run a scan and see if you still get the issue. If you don't, then get the latest installer from the YYG website and re-install. If you get the alert again, then you can be fairly sure it's a false positive. If, after uninstalling, you still get the issue, then you probably have some form of virus/malware/spyware on your machine. You could also try a secondary scanner (I recommend Malwarebytes) and see what it says to get a "second opinion". Finally, regardless of the outcome, I'd report this to YYG and let them know too.
 

dudaxan

Member
I did scan Gamemaker's folder with Avast and got no issue. The threat warning message only appeared while actually running the application.
 

dudaxan

Member
@EvanSki @Nocturne

I tried installing a fresh copy of Gamemaker and it seems to have fixed the issue... I'll leave it running a little bit longer to see if the warning message will pop up again.
 

O.Stogden

Member
I just installed Avast to see, and after about 20 minutes of running GMS 2.3.2, I also got this alert. It was loud, and I jumped. :(

VirusTotal seems to return that Kaspersky views the IP as an IP with "Phishing" related to it. However, others have viewed it as "clear".

Another website I checked said the IP/website has had no reported issues, however it has out of date certificates and uses HTTP not HTTPS, which may cause a security warning when accessing the site from a browser.

It's possible that GMS's internal web browsery thingie is attempting to communicate with a site that isn't using HTTPS and it's causing an issue?
 

dudaxan

Member
🤣
That's Avast, for sure haha

After a while, I got the warning again. It is probably a false positive, or at least I hope so.
 

chamaeleon

Member
GMS2 does also use a small handful of third-party websites in order to confirm if the machine has internet access. We would recommend that you allow at least one of these, as it helps GMS2 confirm if there is internet but that our server is offline, and it will avoid unnecessary licensing attempts during these situations.

I suspect (I don't have any particular knowledge regarding this, I could be wrong) GMS doesn't do anything besides attempting to connect, without any information transfer besides the TCP connect packets. In other words, I doubt any malicious data is transferred back (but malware protection software wouldn't know this is all GMS does and prevents the connection in the first place for your safety).
 

O.Stogden

Member
@chamaeleon It seems likely that this is the case.

The problem is, the IP address being referred to here links to a non-secured website, and then redirects to a non-secured version of Baidu. It uses HTTP, not HTTPS, which is likely why Avast and AVG are freaking out.

If you search for Baidu on Google, it takes you to an HTTPS:// Baidu website. If you type that IP address in, it takes you to an HTTP:// Baidu website, that is identical, but not secure.
Could probably do with merging these threads haha. But here's my quote from the other one.

I guess it would simply be a case of YYG making it check the HTTPS version of Baidu instead of the HTTP version like it does now. Is there ever a reason not to use HTTPS nowadays?
 

chamaeleon

Member
Why not just ping their own main website???
We would recommend that you allow at least one of these, as it helps GMS2 confirm if there is internet but that our server is offline, and it will avoid unnecessary licensing attempts during these situations.
Edit: Having quoted that, they could run some minimal/cheapest AWS (and/or other clouds) instances themselves across various regions and be in control of these connection endpoints, of course.
 

FrostyCat

Redemption Seeker
When YoYo decides to address this issue, I would suggest that they switch to http://example.com for detecting online presence. It is officially backed by ICANN, loads extremely quickly, has uptime rivalling the major search engines, and is at little to no risk of being censored or firewalled (which is the main reason for the Baidu and Yandex fallbacks).
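
One way to build the connectivity check discussed in this thread, as an added example that is not YoYo Games' code or any poster's: it probes over certificate-verified TLS, contacts third-party hosts only when the vendor host fails, and separates "vendor server down" from "no internet". The hostnames and function names are assumptions.

```python
import ipaddress
import socket
import ssl

# Assumed endpoints: the vendor host is a placeholder, and the fallback
# follows the example.com suggestion made in this thread.
VENDOR = "licensing.vendor.example"
FALLBACKS = ["example.com"]

def is_ip_literal(host):
    """True if host is a bare IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def tls_probe(host, port=443, timeout=3.0):
    """True if a certificate-verified TLS handshake with host succeeds."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # covers DNS failure, refusal, timeout, ssl.SSLError
        return False

def classify(vendor, fallbacks, probe=tls_probe):
    """Return 'online', 'vendor_down' or 'offline'.

    Fallbacks are contacted only when the vendor probe fails, so a healthy
    machine never touches a third-party host. Bare IP literals are skipped
    because they rarely carry a certificate that names them.
    """
    if probe(vendor):
        return "online"
    for host in fallbacks:
        if is_ip_literal(host):
            continue
        if probe(host):
            return "vendor_down"  # internet works; skip licensing retries
    return "offline"

if __name__ == "__main__":
    print(classify(VENDOR, FALLBACKS))
```

Because the probe completes a TLS handshake against a DNS name, a web shield sees an ordinary HTTPS connection rather than plain HTTP to a raw IP address.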
 
Hello! Starting today, I'm receiving a "threat warning" from time to time for Gamemaker's executable on the Avast Antivirus. What I'd like to know is whether I should consider it a false positive or not.

This is the warning popup:
View attachment 39985


I've never received this kind of warning before. Please let me know how I should proceed.
Same warning with AVG here:

1621253699387.png

It pops up every 10 min or so even after re-adding an exception... I could ignore it if it didn't take focus away while I'm in the middle of typing lol. Turning off notifications till it's fixed. NO HACKING ME RN PLZ
 

kburkhart84

Firehammer Games
Yeah example.com never works for me, might be region based?
It is actually a DNS issue in my case. I always just use the DNS that the Spectrum router gives me, which is whatever they are using by default. If I switch to a static DNS setting (I use Google's 8.8.8.8), example.com works for me. I'm just gonna leave it like this since it is working, wouldn't be surprised if Google's DNS works better than whatever Spectrum is giving me anyway.
 

Evanski

Raccoon Lord
Forum Staff
Moderator
:p I use Spectrum's default DNS and example.com still works
 