
Trend Micro thinks Factorio is ransomware (.13.6)

Posted: Thu Jul 07, 2016 3:44 am
by Winterdragon
Factorio was auto saving when Trend closed it and said it was ransomware.

Name: factorio.exe
From: Unknown
Version:
Copyright:
Detected Resource or Process ID: c:\program files (x86)\steam\steamapps\common\factorio\bin\x64\factorio.exe
Response: Terminated
Changed Files:
preview.png
_autosave2.zip
_autosave2.tmp.zgdr.zip

Not sure if this is a bug or not. :?:

Re: Trend Micro thinks Factorio is ransomware (.13.6)

Posted: Thu Jul 07, 2016 3:58 am
by daniel34
Trend Micro tends to do that, especially when autosaving.

The only thing that Factorio does is write a temporary file named savegame.tmp.xxxx.zip and, after finishing that, rename it to the proper filename.

This is considered Not a bug by the devs and I fully agree; it looks very much like a false positive (although how a .zip file would end up as a false positive, I don't know).

See also
[0.13.1] Random save file extensions w/Anti virus detection
[0.13.4][Minor]AV Software Blocked Factorio w/ update
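
The save sequence described in the post above, as an added Python sketch (not Factorio's code, which this thread does not show). The function name, the `data.bin` archive member and the `terminate_before_rename` switch are assumptions made for illustration; the switch stands in for the process being terminated mid-save, as in the alert.

```python
import os
import secrets
import zipfile


def atomic_save(save_dir, name, payload, terminate_before_rename=False):
    """Write <name>.tmp.<rand>.zip, then rename it to <name>.zip.

    Returns the ordered (operation, filename) events that a file-system
    behaviour monitor watching save_dir would observe.
    """
    events = []
    suffix = secrets.token_hex(2)  # random tag; the exact format is assumed
    tmp_name = f"{name}.tmp.{suffix}.zip"
    final_name = f"{name}.zip"
    tmp_path = os.path.join(save_dir, tmp_name)
    final_path = os.path.join(save_dir, final_name)

    # Step 1: create and fill the temporary archive. The previous save
    # is not touched, so it stays valid if the process dies here.
    with open(tmp_path, "wb") as fh:
        with zipfile.ZipFile(fh, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("data.bin", payload)  # constructed member name
        fh.flush()
        os.fsync(fh.fileno())
    events.append(("create+write", tmp_name))

    if terminate_before_rename:
        # Simulates the security product killing the process mid-save:
        # the temp file is left behind, the old save is still intact.
        return events

    # Step 2: move the finished archive over the real save name.
    replaced = os.path.exists(final_path)
    os.replace(tmp_path, final_path)
    op = "rename-over" if replaced else "rename"
    events.append((op, f"{tmp_name} -> {final_name}"))
    return events
```

A monitor watching the directory sees both a randomly suffixed temporary archive and the final save name change within one save, which matches the two `_autosave2` entries under "Changed Files" in the alert.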

Re: Trend Micro thinks Factorio is ransomware (.13.6)

Posted: Thu Jul 07, 2016 7:46 am
by Phillip_Lynx
Another thing is if someone plays a 'pirated' copy: there may be anything additional in the code :).

Re: Trend Micro thinks Factorio is ransomware (.13.6)

Posted: Thu Jul 07, 2016 9:37 pm
by Winterdragon
Oh, it's a legit copy via Steam.