Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on June 14, 2018, 08:16:10 PM

Title: False positive on FiveM
Post by: REDACTED on June 14, 2018, 08:16:10 PM
Hi there!

FiveM (https://fivem.net) is a modification for Grand Theft Auto V enabling you to play multiplayer on customized dedicated servers. This project is open source (https://github.com/citizenfx/fivem). Avast has been having lots of false positives on FiveM's .exe files and URLs, including but not limited to FiveM.exe, FiveM_DumpServer, CitizenFX.exe.new, and the URLs mirrors.fivem.net / runtime.fivem.net.

Please fix this issue, as hundreds of players are currently having troubles caused by Avast blocking everything related to FiveM for some reason  >:(

Title: Re: False positive on FiveM
Post by: Pondus on June 14, 2018, 08:26:07 PM
How to report  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Title: Re: False positive on FiveM
Post by: polonus on June 14, 2018, 10:11:00 PM
Hi iQuadCore,

avast is not the only one that comes up with a generic detection like: https://www.virustotal.com/#/file/02a5e74571efb19b6da1768109bb4d1e1d141f745e66b1bb219b3f5926e777c8/detection
Most detections are for Win32.Trojan.WisdomEyes (also Windows Defender flags here).
Is that proggie asking you to run a coin miner script of sorts?

Just wait for an avast team member to explain their (generic) detection or PUP detection there.
We are just volunteers with relevant knowledge, but only avast team members can explain detections
or eventually change or unblock them.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: False positive on FiveM
Post by: REDACTED on June 14, 2018, 11:07:53 PM
> avast is not the only one that comes up with a generic detection like: https://www.virustotal.com/#/file/02a5e74571efb19b6da1768109bb4d1e1d141f745e66b1bb219b3f5926e777c8/detection

What's the file that you've provided that link for? Here's the fivem.exe scan:
https://www.virustotal.com/ru/file/690e3cfc1d8c8f8195209ea47aa812487aeede8b85079c32c159d1bc3310a783/analysis/1528998235/

> Is that proggie asking you to run a coin miner script of sorts?

Absolutely not. On the contrary, it even has its own blacklist of domains to prevent server creators from using coin miners on the PCs of their players; you can learn more about it here https://github.com/citizenfx/fivem/commit/15dfdbcb0a042451bb7105f499be601ad50960bf and here https://runtime.fivem.net/nui-blacklist.json .
Could mentioning coin-hive in the source code be the reason for the false positive?