Author Topic: Stronghold 3.exe - false alarm?  (Read 2973 times)

Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Stronghold 3.exe - false alarm?
« on: October 09, 2017, 10:41:51 PM »
Hello,

I have just installed the game Stronghold 3 through my Steam library. After it finished downloading and installing the game itself, it started to check for and/or install some version of DirectX and some Microsoft Visual C++ stuff automatically. While it was doing that, my monitor's resolution suddenly changed in a very weird way and I got a virus warning from Avast saying "We have blocked the threat Stronghold3.exe so it can't harm your computer." - under that it says this was detected by the Behavior Shield (see my screenshot https://imgur.com/OInwns1).

I was pretty sure that must be a false positive, so I added the game to the exceptions list, after which the game automatically started (in very low resolution), and after I set the game's resolution on max and exited the game, my monitor's resolution was back to normal too. Now I have 2 questions:

1. Is my assumption correct that this is a false positive? If yes, what triggered the "detection"?
2. I added the game's .exe to the exceptions as I mentioned, but when I go to Avast's settings (settings -> general -> exceptions), there is nothing there. Why is that?

Thanks for any help.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37561
  • Not a avast user
Re: Stronghold 3.exe - false alarm?
« Reply #1 on: October 09, 2017, 10:49:40 PM »
How to report  >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Suspicious files can be uploaded and tested at: www.virustotal.com / www.jotti.org / www.metadefender.com


Quote
  If yes, what triggered the "detection"? 
Avast told you ... as you said above   >  under that it says this was detected by the Behavior Shield

« Last Edit: October 09, 2017, 11:04:02 PM by Pondus »

Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Re: Stronghold 3.exe - false alarm?
« Reply #2 on: October 10, 2017, 12:23:55 AM »
It's just an official Steam game's .exe file, only 2 scanners on Virustotal say they detect something, not Avast though (Bkav says: "W32.HfsAutoB.3B51", Cylance says: "Unsafe").

Also yes, obviously the Behavior Shield triggered the detection, but why? How can a normal, well-known game "behave" like a virus?

And if someone could answer question no. 2, I'd be very thankful. That one is the more important one anyway.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Stronghold 3.exe - false alarm?
« Reply #3 on: October 10, 2017, 12:49:14 AM »
Looked up Stronghold 3 on Steam and found Stronghold 3 Gold? Is this the game you're referring to? It's not exactly a well-known game, with around 1750 reviews, most of which bash the game....

Anyways, objectivity here; Can you post the VT link?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37561
  • Not a avast user
Re: Stronghold 3.exe - false alarm?
« Reply #4 on: October 10, 2017, 01:07:32 AM »
Quote
How can a normal, well-known game "behave" like a virus?
hmmmm ... Your neighbourhood had some problems, and since you are a nice guy you patrol the area peeping in windows, checking that doors are locked, car doors ...

Don't be surprised if someone that doesn't know you thinks you are a burglar bc of your suspicious behaviour ;)

« Last Edit: October 10, 2017, 01:09:14 AM by Pondus »

Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Re: Stronghold 3.exe - false alarm?
« Reply #5 on: October 10, 2017, 01:34:11 AM »
@Michael (alan1998)

Here's the VT link: https://www.virustotal.com/de/file/1690d8433d2817b9963a711bf0b1243ea38e8b796cc76a3bbea98aca53eb9f78/analysis/

And yeah, Stronghold 3 Gold is a newer edition with additional stuff in it. The Stronghold series in general is very well known, Stronghold 3 is just one of many Stronghold games. It is also the worst one which was released in a very poor state and still hasn't been fixed properly, hence the horrible reviews.

So what about my second question?
Quote
2. I added the game's .exe to the exceptions as I mentioned, but when I go to Avast's settings (settings -> general -> exceptions), there is nothing there. Why is that?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Stronghold 3.exe - false alarm?
« Reply #6 on: October 10, 2017, 02:30:49 AM »
Yep,

Looks like pretty generic detections. As for why they aren't in your exceptions list, it's anyone's guess. I can tell you first hand that in development, especially in complex programs, things happen that are unexpected.

The best thing you can do is submit a report to Avast! https://www.avast.com/report-malicious-file.php

Aside from that, if your exceptions aren't being kept, disable your shields until you're done your session(s)

Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Re: Stronghold 3.exe - false alarm?
« Reply #7 on: October 11, 2017, 01:52:16 AM »
But when I add something to the exceptions, it should be visible under settings -> general -> exceptions, right? Or am I maybe looking in the wrong place?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Stronghold 3.exe - false alarm?
« Reply #8 on: October 11, 2017, 02:16:46 PM »
Where the exception is depends on where you have set it.

Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Re: Stronghold 3.exe - false alarm?
« Reply #9 on: October 11, 2017, 05:09:24 PM »
So how do I know where I can find my exceptions? I didn't set anything, nor was I ever asked by Avast to do that.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Stronghold 3.exe - false alarm?
« Reply #10 on: October 11, 2017, 09:11:48 PM »
Sorry I didn't get back to you last night, I've been busy with Midterms (Exams..)

(It should also be noted that I haven't used an AV in close to two years now. They cause me more problems than the minimal protection they could offer me.)

I've installed Avast! in a VM to help pin down your issue in regards to Exclusion.

Avast! has a couple different exceptions lists: File Paths, URLs, CyberCapture and Hardened Mode. CyberCapture is the one you're after, but I would also include the path to File Paths as well. (Hardened Mode is an option you check that makes Avast! go ultra-helicopter-parent on your files... If you have that enabled, add the paths there too.) I'm not sure why Avast! wouldn't keep your exclusions, they work perfectly fine for me.

https://www.youtube.com/watch?v=3AqtXcyjrj4


Offline Weiku

  • Jr. Member
  • **
  • Posts: 45
Re: Stronghold 3.exe - false alarm?
« Reply #11 on: October 12, 2017, 05:06:14 AM »
Ok, then it's really weird that the game's .exe isn't there. Of course I already checked all the different lists, all of them are empty. Though I didn't exclude the .exe through that menu, instead I excluded it in the warning window that popped open after the game started, but I think it should still land in that same list?

And just a question out of curiosity: If you don't use any AV, then why are you so active on one particular AV's forum? It's not like you visit AV forums for the community or something, it's specifically about an AV product, so I find that kinda odd ^^

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Stronghold 3.exe - false alarm?
« Reply #12 on: October 12, 2017, 02:27:23 PM »
You'd have to ask Milo, or HondaZ about Avast! shields and why they may not be functioning correctly (be it a bug with your system in particular, or a bug across the product). They would know far more than I, or even the independent experts here would. They would also be able to ask around and see what could potentially be wrong. Try my method, and see if the exclusion will stick. If it doesn't, you may want to try re-installing Avast!.

I've been around for a number of years. These fellows (Essexboy and Pondus if I remember correctly) helped me probably 8 years ago with my own infection, back when I was stupid and didn't know how to handle things. This was back when Vista and 7 were just coming out. However, I've learned many things, and I generally don't do stupid things when browsing the web. That combined with the fact that I am a student developer, I can't have Avast! (or any other AV) removing my assignments. (And yes, it's happened before. And yes, I could force Avast! to exclude the compilers, and working directories I use; but again, it's just something I don't need.)

Think of security as a phone really. Some people need the power behind the latest and greatest (iPhone X or Galaxy S8 or something), some people only need the ability to text (Samsung Galaxy Ace... or iPhone 4). I just happen not to require the security that I stick on my grandmother's computer :-). It's nothing to be ashamed or even impressed by, more just a fact of life.

As for why I come back every once in a while to pop in, just because I don't use an AV, doesn't mean that I don't believe in Security. My "security" just comes in a different form. However, couple years ago when I dabbled in malware testing and whatnot, I was active on the MBAM forums as well as the G2G forums. (G2G belongs to a network known as UNITE. Many of the malware/virus experts you see here were trained by them.) You'll also note that many of the people who pop in here, aren't always exclusive here. They float around helping people out. Pondus is also active, or at least was active elsewhere.

https://forums.malwarebytes.com/profile/132606-alan1998/


http://uniteagainstmalware.com/
