Skip to main content

Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

RPG Maker Cook Tool Deluxe

The one stop shop for deploying RPG Maker MV/MZ games · By AceOfAces

Trojan detected in game files after compiling with latest Cook Tools

A topic by Niniann created 21 days ago Views: 68 Replies: 3
Viewing posts 1 to 2

Greetings!
Using the latest version of Cook Tools, had a weird issue occur where Windows Defender claims to have detected a trojan. Here is a screenshot of the issue:


If I use an older version of Cook Tools I had lying around, there is no Trojan detected.

This makes the game unplayable as it deletes the bootstrapper executable unfortunately.

Ran a device scan after this and there were no threats detected.

Did a little research on bearfoos.A!ml and I know this is a false positive, but I wanted to report it in case there were an easy way to prevent this "Trojan detected" message and the deletion of the executable. 

Developer (2 edits)

Hello, Niniann. 

It is indeed a false positive. rcedit (the tool that does the changes to the bootstrap and game's executable to apply the new icon and Metadata) seems to trigger these. It was supposed to be fixed since R5. 11u3, but if it still happens, it's possible that another issue causes it. 

I'm looking into a permanent fix for it, alongside pushing a stop gap fix (rcedit not updating the bootstrap's Metadata) so Windows Defender doesn't delete it all of a sudden. Although, it seems to be a bit rare. 

EDIT: When I say rare, it's a bit of a luck of the draw. Occasionally, it would false flag it. But most of the time, it doesn't.  Not sure why. But I am looking to that fix. A potential workaround is to simply build again. 

Developer

Slight update: I am working towards solving the issue. If everything goes well, I'll push out a hotfix for it very soon. 

Thank you so much for looking into things here and working on an update.

For the record I also submitted the executable I created and reported it as a false flag to Microsoft. They got back to me and said they agreed that it was indeed a false flag and would update their Defender definitions accordingly.

I'm not sure if that would affect Cook Tools created executables in general, but hopefully this could contribute to less false flags in the future with the tool as well.