Factorio Forums

I started a 0.13.1 Freeplay using Windows x64 ZIP and received a flag from Trend Micro for RansomWare.


The files flagged were:
e:\program files\factorio\temp\preview.png
e:\program files\factorio\saves_autosave3.zip
e:\program files\factorio\saves_autosave3.tmp.poom.zip

After the flag I got another autosave by a similar random title (autosave3.xxx.xxxx.zip) I deleted it before I wrote it down though.

I'm not sure if it's a Factorio issue or a virus/spyware somewhere on my computer missed by MalwareBytes and Trend Micro IS

How would it be a Factorio issue? Factorio is accessing its own files here, but is either getting flagged as a false positive, or you've got some other malware. Assuming false positive, the problem is with the antivirus. Check how to whitelist Factorio in the AV or get it to ignore your save folder.

That 'Trust program' button in your screenshot looks like a nice place to start.

I did Trust Factorio in the AV (If I can't trust Factorio, I might as well give up)
The issue stemmed from the randomly named autosaves.
I believe the random extensions is what triggered the AV.
As to why Factorio created them....I dont know.

It writes to a temporary file first, so that if something goes wrong during the saving process, your original save isn't overwritten. No idea why an AV would flag that as ransomware.