[Bug] Marked as a virus by Defender and other anti-viruses?

Question

[Bug] Marked as a virus by Defender and other anti-viruses?

pnxl opened this issue 6 months ago · 10 comments

pnxl commented 6 months ago

Current Behaviour

Controlify gets flagged as a virus that can execute commands from an attacker.

Expected Behaviour

not be flagged lmao

Screenshots

Reproduction Steps

download

Logs

No response

Mod Version

2.0.0-beta.2

Controller

No response

Bluetooth

Yes

Operating System

Windows

ARM

Yes

Additional Information

2.0.0-beta.2+24w14potato.jar VirusTotal hash: https://www.virustotal.com/gui/file-analysis/OTc3YjIzMGE0NGRmZjU1MTIwYzZiY2I2ZWRlZjJlOGI6MTcxMjkwNzUwNQ==

2.0.0-beta.2+1.20.4. VirusTotal hash: https://www.virustotal.com/gui/file/b7e129766e3dbfd6fbf93ae7cfc568c5a43001479617024a4fb5371003ecb240

Just to make sure...

I have made sure I am using the latest version of Controlify for the latest version of Minecraft.
I have made sure there are no other issues describing the same problem on the issue tracker.

isXander · Answer 1 · 2024-04-12T08:30:45.000Z

This is a false positive, you can safely use controlify.

meridianrealms · Answer 2 · 2024-04-12T15:22:59.000Z

Also receiving this with windows defender as of this morning. Wasn't being flagged about 12 hours ago.

ManuFlosoYT · Answer 3 · 2024-04-12T17:41:29.000Z

Incompatible mods found!
net.fabricmc.loader.impl.FormattedException: net.fabricmc.loader.impl.discovery.ModResolutionException: Mod discovery failed!
	at net.fabricmc.loader.impl.FormattedException.ofLocalized(FormattedException.java:63)
	at net.fabricmc.loader.impl.FabricLoaderImpl.load(FabricLoaderImpl.java:197)
	at net.fabricmc.loader.impl.launch.knot.Knot.init(Knot.java:146)
	at net.fabricmc.loader.impl.launch.knot.Knot.launch(Knot.java:68)
	at net.fabricmc.loader.impl.launch.knot.KnotClient.main(KnotClient.java:23)
Caused by: net.fabricmc.loader.impl.discovery.ModResolutionException: Mod discovery failed!
	at net.fabricmc.loader.impl.discovery.ModDiscoverer.lambda$discoverMods$1(ModDiscoverer.java:147)
	at net.fabricmc.loader.impl.util.ExceptionUtil.gatherExceptions(ExceptionUtil.java:33)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer.discoverMods(ModDiscoverer.java:147)
	at net.fabricmc.loader.impl.FabricLoaderImpl.setup(FabricLoaderImpl.java:215)
	at net.fabricmc.loader.impl.FabricLoaderImpl.load(FabricLoaderImpl.java:192)
	... 3 more
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: Error analyzing [D:\Minecraft\ATLauncher\instances\FabulouslyOptimized\mods\Controlify-2.0.0-beta.2+1.20.4.jar]: java.io.FileNotFoundException: D:\Minecraft\ATLauncher\instances\FabulouslyOptimized\mods\Controlify-2.0.0-beta.2+1.20.4.jar (No se pudo completar la operación porque el archivo contiene un virus o software potencialmente no deseado)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
	at java.base/java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:562)
	at java.base/java.util.concurrent.ForkJoinTask.reportExecutionException(ForkJoinTask.java:604)
	at java.base/java.util.concurrent.ForkJoinTask.get(ForkJoinTask.java:981)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer.discoverMods(ModDiscoverer.java:144)
	... 5 more
Caused by: java.lang.RuntimeException: Error analyzing [D:\Minecraft\ATLauncher\instances\FabulouslyOptimized\mods\Controlify-2.0.0-beta.2+1.20.4.jar]: java.io.FileNotFoundException: D:\Minecraft\ATLauncher\instances\FabulouslyOptimized\mods\Controlify-2.0.0-beta.2+1.20.4.jar (No se pudo completar la operación porque el archivo contiene un virus o software potencialmente no deseado)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer$ModScanTask.compute(ModDiscoverer.java:288)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer$ModScanTask.compute(ModDiscoverer.java:237)
	at java.base/java.util.concurrent.RecursiveTask.exec(RecursiveTask.java:100)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
Caused by: java.io.FileNotFoundException: D:\Minecraft\ATLauncher\instances\FabulouslyOptimized\mods\Controlify-2.0.0-beta.2+1.20.4.jar (No se pudo completar la operación porque el archivo contiene un virus o software potencialmente no deseado)
	at java.base/java.io.RandomAccessFile.open0(Native Method)
	at java.base/java.io.RandomAccessFile.open(RandomAccessFile.java:344)
	at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:259)
	at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:213)
	at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1442)
	at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1407)
	at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:716)
	at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:250)
	at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:179)
	at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:193)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer$ModScanTask.computeJarFile(ModDiscoverer.java:309)
	at net.fabricmc.loader.impl.discovery.ModDiscoverer$ModScanTask.compute(ModDiscoverer.java:278)
	... 7 more

I cant even open the game, Fabric will instantly crash and return this along with a Microsoft Defender message

dmx0987654321 · Answer 4 · 2024-04-12T20:44:28.000Z

I have the same problem. I cannot "safely use Controlify" no matter how hard I try, because Fabric will not launch the game with it installed. I only got it to launch after Windows Defender quarantined the file and it was no longer being accessed by Fabric.

aquahonoredhi · Answer 5 · 2024-04-12T22:16:59.000Z

I am also having this issue. it was working fine moments ago, until my game crashed and it now gets flagged as a virus

Fsuiopmn · Answer 6 · 2024-04-13T03:55:59.000Z

this happened to me too, didnt really know i had this mod lmao but i had to remove it to even play mc even though im about 99% certain its not a trojan, also started happening recently

AnnsAnns · Answer 7 · 2024-04-13T07:50:28.000Z

Looks like controllify became the victim of the Microsoft Defender wrath in a really annoying way, it completely broke my modpack too

isXander · Answer 8 · 2024-04-13T16:29:01.000Z

You can make an exemption to the mod file to allow your game to load.

isXander · Answer 9 · 2024-04-14T10:20:06.000Z

I have submitted a false positive to Windows Defender and the detection has now been removed.
Here are the steps to make sure your malware definitions are up-to-date (taken from the submission portal):

Open command prompt as administrator and change directory to C:\Program Files\Windows Defender
Run MpCmdRun.exe -removedefinitions -dynamicsignatures
Run MpCmdRun.exe -SignatureUpdate

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus

Share to