Skip to main content

Browse GamesGame JamsUpload GameDeveloper LogsCommunity
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines
itch.io Community » General » General Discussion

Tips : Avoid false positives with anti-viruses and Godot Engine 4 exports

A topic by Dimeao created Aug 08, 2024 Views: 510 Replies: 6
Viewing posts 1 to 2
Dimeao127 days ago(+1)

I recently found that games compiled/exported with Godot 4 may be (falsely) flagged as Trojan or trigger Heuristic analysis on some antiviruses (tested with virustotal).

How to prevent this when you export your game with Godot :

  • Uncheck "[ ] Embed PCK" in the "Options" tab (no matter if you enable encryption of your .pck file or not)
  • Export as Zip instead of .exe (the resulting file is way more compact too)


That's all

Hope it will help you

Cheers, Dimitri

Source : https://www.reddit.com/r/godot/comments/114s6hg/comment/kwbctit/

Reply
Yanna3River126 days ago(+1)

ty for the warning. I had no idea this was something that could happen?

Reply
redonihunter125 days ago(+1)

It happens for many game engines. Godot packed exe are quite a bad offender here. But you will also see false positives for some renpy and rpgmaker. And this gamemaker engine. Possibly others too.

It is a huge problem, since malware is bundled with real games. What is a user to think? Is the antivirus warning a false positive or real positive? So better safe than sorry.

Shame on the game engine makers. And to some extent on the scanner makers. But more on the engine makers. They try to be "clever" in their exe creation. But "clever" is what malware does. We need reliable and obvious. That is also good for less bugs, I would imagine.

Reply
Dimeao125 days ago (1 edit) (+2)

Last week, I found this by chance for my own game, thinking "what does it look like when you submit it through virustotal?" Indeed, there was a false positive on the latest version at the time. I went looking for an answer and found that it was due to the packaging and encryption of the game code in the exe. The solution was therefore to separate the game engine from the game data, as indicated, and following this I have not had any new false positives (for now).

(I imagine that some antiviruses must find it suspicious that a portion of an executable is particularly obfuscated or encrypted)

Reply
redonihunter125 days ago(+1)
I imagine that some antiviruses must find it suspicious that a portion of an executable is particularly obfuscated or encrypted

How dare they! It is perfectly reasonable to have code obfuscation and encryption and clever packing algorithms for user level leisure applications. Those things are a vital part of the gaming experience. Nothing suspicious going on here. Move along.

Reply
voxelmaker120 days ago(+2)

Thanks! While exporting past builds of my game to my friend to playtest it, it was flagged as a virus. I'll try exporting it as a zip file.

Reply
Yanna3River117 days ago

Virus-chan strikes again.

Reply
AboutFAQBlogContact us
Copyright © 2024 itch corp · Directory · Terms · Privacy · Cookies