
10.8 windows 64bit Installer and zip eaten by Norton

Posted: Fri Aug 22, 2014 6:12 pm
by Arkengild
Hi,

I've been trying to update to 10.8 experimental version, however each time I download the Win 64bit version (installer or zip), Norton kills the factorio.exe due to detected threat: http://www.symantec.com/security_respon ... 08-1854-99

Anyone else seeing this?

Re: 10.8 windows 64bit Installer and zip eaten by Norton

Posted: Fri Aug 22, 2014 10:12 pm
by DaveMcW
Disable Norton while you download.

That link doesn't say Factorio has a virus, just that Norton has never seen the file before.

Re: 10.8 windows 64bit Installer and zip eaten by Norton

Posted: Sat Aug 23, 2014 7:27 am
by MF-
DaveMcW wrote: Disable Norton while you download.
Oh yes.. it's just a warning.. turn it off since you want xxxxx

On the other hand... if these values are true, it's not doing much good anyway.
Antivirus Protection Dates
Initial Rapid Release version: March 27, 2009
Latest Rapid Release version: April 20, 2010 revision 025
Initial Daily Certified version: March 27, 2009 revision 005
Latest Daily Certified version: April 20, 2010 revision 024
Initial Weekly Certified release date: April 1, 2009
Also: they suggest that you should not turn Norton off, but restore the file from the quarantine.
REMOVING A FILE FROM QUARANTINE
It is possible to restore a file from quarantine to its previous location on your computer. This should only be done if you are certain that the file is not malicious. Symantec strongly recommend that you submit the file that was detected even if you choose to restore the file from quarantine.

Norton users
To learn how to restore a file from quarantine using Norton products, please read the following document:
Restoring an item from the Quarantine
That might have a positive effect on Factorio's reputation, sparing other Norton users from the trouble.

Re: 10.8 windows 64bit Installer and zip eaten by Norton

Posted: Sat Aug 23, 2014 7:39 am
by MF-
It's likely that other Norton users might have such issues too, but took the "disable" shortcut without reporting here.

@ http://www.symantec.com/security_respon ... 08-1854-99
Perhaps none of their users met Factorio yet? Or their heuristics got confused by the rapid sub-release cycle?

If the count of affected Norton users grows, there are links for whitelisting / disputing a blacklist too.
http://submit.symantec.com/whitelist/ wrote: Note: To prevent false positive detections we strongly recommend vendors to digitally sign their software with a class 3 digital certificate.
That makes sense, since it'll tie all Factorio versions (mutations, as they might see) to one certificate.

Re: 10.8 windows 64bit Installer and zip eaten by Norton

Posted: Sat Aug 23, 2014 1:33 pm
by _aD
MF- wrote:
http://submit.symantec.com/whitelist/ wrote: Note: To prevent false positive detections we strongly recommend vendors to digitally sign their software with a class 3 digital certificate.
That makes sense, since it'll tie all Factorio versions (mutations, as they might see) to one certificate.
Yesterday I was testing out an installer that claimed to be a "Driver Verifier", which was bundled with five other malware programs that threw up all sorts of fake errors and bombarded my test computer with adverts and warning windows. They were all asking for money (some a regular subscription) to fix all of the problems that they found. They hooked into Internet Explorer and Firefox on my test system, changed the home page and default search engine, and inserted banner adverts into searches.

Who had signed the installer for this problem - and many of the others that I test?

Re: 10.8 windows 64bit Installer and zip eaten by Norton

Posted: Sun Aug 24, 2014 8:38 am
by MF-
I suspect that signing might make it easier for the AV company to tell "new factorio version" from "infected factorio".

You say that virus makers sign their products? So what?
I thought anyone could buy a certificate and sign whatever she desires to.