[0.13.1] Random save file extensions w/Anti virus detection

Bugs that are actually features.
PiggyWhiskey
Filter Inserter
Filter Inserter
Posts: 255
Joined: Wed May 13, 2015 5:28 am
Contact:

[0.13.1] Random save file extensions w/Anti virus detection

Post by PiggyWhiskey »

I started a 0.13.1 Freeplay using Windows x64 ZIP and received a flag from Trend Micro for RansomWare.
Image

The files flagged were:
e:\program files\factorio\temp\preview.png
e:\program files\factorio\saves_autosave3.zip
e:\program files\factorio\saves_autosave3.tmp.poom.zip

After the flag I got another autosave by a similar random title (autosave3.xxx.xxxx.zip) I deleted it before I wrote it down though.

I'm not sure if it's a Factorio issue or a virus/spyware somewhere on my computer missed by MalwareBytes and Trend Micro IS
wahming
Fast Inserter
Fast Inserter
Posts: 192
Joined: Sun May 17, 2015 8:30 pm
Contact:

Re: [0.13.1] Random save file extensions w/Anti virus detection

Post by wahming »

How would it be a Factorio issue? Factorio is accessing its own files here, but is either getting flagged as a false positive, or you've got some other malware. Assuming false positive, the problem is with the antivirus. Check how to whitelist Factorio in the AV or get it to ignore your save folder.

That 'Trust program' button in your screenshot looks like a nice place to start.
PiggyWhiskey
Filter Inserter
Filter Inserter
Posts: 255
Joined: Wed May 13, 2015 5:28 am
Contact:

Re: [0.13.1] Random save file extensions w/Anti virus detection

Post by PiggyWhiskey »

I did Trust Factorio in the AV (If I can't trust Factorio, I might as well give up)
The issue stemmed from the randomly named autosaves.
I believe the random extensions is what triggered the AV.
As to why Factorio created them....I dont know.
Oxyd
Former Staff
Former Staff
Posts: 1428
Joined: Thu May 07, 2015 8:42 am
Contact:

Re: [0.13.1] Random save file extensions w/Anti virus detection

Post by Oxyd »

It writes to a temporary file first, so that if something goes wrong during the saving process, your original save isn't overwritten. No idea why an AV would flag that as ransomware.
Post Reply

Return to “Not a bug”