Author Topic: False positive on FiveM  (Read 7596 times)

0 Members and 1 Guest are viewing this topic.

Offline iQuadCore

  • Newbie
  • *
  • Posts: 2
False positive on FiveM
« on: June 14, 2018, 08:16:10 PM »
Hi there!

FiveM (https://fivem.net) is a modification for Grand Theft Auto V enabling you to play multiplayer on customized dedicated servers. This project is open source (https://github.com/citizenfx/fivem). Avast has been has having lots of false positives on FiveM's .exe files and urls, including but not limited to FiveM.exe, FiveM_DumpServer, CitizenFX.exe.new, and urls mirrors.fivem.net / runtime.fivem.net.

Please fix this issue, as hundreds of players are currently having troubles caused by Avast blocking everything related to FiveM for some reason  >:(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36541
  • Weihrauch Airguns
Re: False positive on FiveM
« Reply #1 on: June 14, 2018, 08:26:07 PM »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32241
  • malware fighter
Re: False positive on FiveM
« Reply #2 on: June 14, 2018, 10:11:00 PM »
Hi iQuadCore,

avast is not the only one that comes up with a generic detection like: https://www.virustotal.com/#/file/02a5e74571efb19b6da1768109bb4d1e1d141f745e66b1bb219b3f5926e777c8/detection
Most detections are for Win32.Trojan.WisdomEyes (also Windows Defender flags here).
Is that proggie asking you to run a coin miner script of sorts?

Just wait for an avast team member to explain their (generic) detection or PUP detection there.
We are just volunteers with relevant knowledge, but only avast team members can explain detections
or eventually change or unblock them.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline iQuadCore

  • Newbie
  • *
  • Posts: 2
Re: False positive on FiveM
« Reply #3 on: June 14, 2018, 11:07:53 PM »
avast is not the only one that comes up with a generic detection like: https://www.virustotal.com/#/file/02a5e74571efb19b6da1768109bb4d1e1d141f745e66b1bb219b3f5926e777c8/detection
What's the file that you've provided that link for? Here's fivem.exe scan:
https://www.virustotal.com/ru/file/690e3cfc1d8c8f8195209ea47aa812487aeede8b85079c32c159d1bc3310a783/analysis/1528998235/
Is that proggie asking you to run a coin miner script of sorts?
Absolutely not. On the contary to that it even has it's own blacklist of domains to prevent server creators from using coin miners on the PCs of their players, you can learn more about it here https://github.com/citizenfx/fivem/commit/15dfdbcb0a042451bb7105f499be601ad50960bf and here https://runtime.fivem.net/nui-blacklist.json .
Could  mentioning coin-hive in source code be the reason for false positive?