Main Menu

Norton Antivirus detects installer as threat

Started by tromtez, October 30, 2012, 06:54:18 AM

Previous topic - Next topic

inm8#2

#40
Quote from: wilco64256 on October 31, 2012, 12:48:30 PM
Quote from: inm8#2 on October 31, 2012, 10:34:43 AM
I've run two extended diagnostic tests on my hard drive. Both tests have run slowly, stalled, and eventually failed due to many bad sectors.

With a third report of the same issue, I don't think it's an isolated problem.

While I agree that a number of people may be likely to encounter the same issue, I don't think there's anything that we can do about it from our end. It'd take a significant amount of time for us to get the proper certificates coordinated through Microsoft, and a pretty solid chunk of change out of our already stretched-super-thin budget.

The recommendation I always give in general is to shut off antivirus software anytime somebody is downloading a product from a trusted source. And never to turn off a system during a memory dump or virus scan.

If someone's system is frozen due to that file causing issues, and they wait hours with nothing happening, they really have no choice but to turn off or restart since the damage has been done at that point. That's why chkdsk ran automatically after reboot. Plus, when greenisles and I logged into our systems and saw the HDD capacity dropping, it was due to the bad sectors on the hard drive being closed off so that they can't be used.

Turning off antivirus software for every time you download something isn't really a wise practice. One cannot simply categorize which sources are trusted and which ones aren't. But this issue is one I've never had from various other sources and file sizes.

wilco64256

Personally I haven't use real-time virus protection for years and haven't had a single problem. I just run an online scan from Housecall once a week and also scan individual files as needed before uploading or running them. Prior to that, I had major headaches with Nortan, Symantec, and Microsoft all blocking things that I knew were safe and creating more frustration than they saved.

I definitely do wish there were something we could do on our end to assist with this, but I'm really not certain there's anything that we can do about this one. Perhaps after the game has been out for a couple of weeks the antivirus systems will be less freaked out by it and more cooperative.
Weldon Hathaway

inm8#2

#42
In two years of using Microsoft Security Essentials on Windows 7, and downloading all types and sizes of files from countless sources, this is the first issue of its kind I've had.

I fail to see how antivirus systems will be "less freaked out" by a specific file in a couple weeks if, as you've said, certificates aren't being actively pursued. I don't think a lack of certificates is the issue.

This discussion has gone from talking about an issue with the installer file to blaming antivirus software, or criticizing users for not having the foresight to disable said software, or criticizing them for being forced to restart their computers after hours of waiting with the system completely frozen.

I think I've conveyed the issue, my diagnostics and efforts to repair, etc. pretty clearly. Others have reported the same issue. Yet the discussion diverts to why people shouldn't use real-time virus protection, while points made or repeated about the problem are ignored (e.g. it's been said that systems were frozen for hours, but posts suggest people got impatient and rebooted after a few minutes).

I've spent two days on this and will probably have to replace my hard drive (with money I don't have). Being blamed for using a very trustworthy, widely used antivirus software doesn't seem very empathetic or conducive for productive discussion about a technical issue we've identified.

I've been respectful and calm in this discussion, but the dismissive manner in which my posts are being responded to (with parts of them ignored) concerns me. I'm not angry or upset- simply disappointed.

wilco64256

I'm really not trying to be dismissive in any way, there's just really absolutely nothing else that we can do to make Security Essentials be less problematic. We sent this installer to over 600 people and have only had three people come back with this issue. As much as I like to try and fix everything I possibly can, some things are just completely random, unpredictable, and unpreventable. I am tremendously sorry about the issue you encountered and don't mean to downplay its impact for you personally in any way, but there's really not anything we could do differently to make sure that not one single person has any problem downloading or installing a program.
Weldon Hathaway

inm8#2

#44
I've already conceded that not much can be done about the issue if you can't replicate it or didn't hear about it during beta tests or from other backers currently playing.

http://www.postudios.com/blog/forum/index.php?topic=12498.msg344601#msg34460

But nevertheless, it's something that's happened with at least three people (four including the OP), and two different programs had trouble processing the file.

My mindset here isn't that I must play the game as soon as possible at all costs, and I haven't made any demands. I think my posts have been rational, detailed, and informative about the issue.

Again, my primary concern has been the responses that unnecessarily and continually shift blame onto the users by saying it's our mistake for using widely accepted antivirus software, then using this to rationalize the problem we've dealt with.

We have been respectful in this process, but I find it extremely discomforting that it seems acceptable for "only three people" out of 600 people to have their hard drives ruined. That attitude in itself is extremely dismissive, and I take some offense at the suggestion it's okay for a few people to go through this.

The users are posting about the problem so a solution could be potentially and collectively found. I personally would hope that others don't suffer the same outcome I have.

I've tried to be reasonable, but at this point this thread has left quite a poor impression upon me, not for the problem specifically, but for the other reasons I've had to raise multiple times.

spinz

its really quite strange, eeeverything you guys described happened to me the night they released the demo. The download messed up riiight before it finished, then i struggled for hours trying to interact with the file at all and had disk problems.
But when i downloaded the demo again, none of it happened. So i assumed i was a fluke. But now im convinced its related.
I dont think this is what they call a "false positive", because it never showed up in my antivirus logs. But it is probably related to windows security in some way.

Cez

Quote from: inm8#2 on October 31, 2012, 02:48:18 PM

We have been respectful in this process, but I find it extremely discomforting that it seems acceptable for "only three people" out of 600 people to have their hard drives ruined. That attitude in itself is extremely dismissive, and I take some offense at the suggestion it's okay for a few people to go through this.


Again, we apologize for the inconveniences, we are not dismissing the problem. We have been continuously discussing it internally, but there are things that are beyond our control.

Our IT person mentioned this to us today regarding differences in hard drive space, because we sent him the picture you had posted here.

"This is normal, when you buy 300GB hard drive you don't have 300GB, you more likely have 280. File allocation table parameters are not rounded off to whole numbers.  The larger a drive is the more "Off" space a person will have and these number are reported differently between looking at properties on drive and data tables. "

We've been truly trying to run tests and seeing if we can reproduce the issue you are having with no luck. We aren't folding our arms on it, and I don't want you to get that impression, but so far, we haven't been lucky reproducing it.

It is our wish here to make sure you guys are having the best experience possible. If you want to discuss other possibilities in which we could make up for this, please email us at support@postudios.com and we can discuss it over there.

Thank you, and apologies again.


Cesar Bittar
CEO
Phoenix Online
cesar.bittar@postudios.com

inm8#2

Quote from: Cez on October 31, 2012, 04:34:17 PM
"This is normal, when you buy 300GB hard drive you don't have 300GB, you more likely have 280. File allocation table parameters are not rounded off to whole numbers.  The larger a drive is the more "Off" space a person will have and these number are reported differently between looking at properties on drive and data tables. "

Dear Cesar,

Thanks for your response, but this quoted part is quite troublesome to me. Please allow me to explain why.

I am aware that hard drives use less space than the maximum capacity (usually around 10% is not used). This is because that space is actually reserved for cases like mine - when bad sectors need to be 'replaced' with working ones. However, when the number of bad sectors is large, the drive becomes unstable and eventually fails.

I've accepted the apologies and never doubted they're sincere. I haven't had any hard feelings, but something that seemingly questions my computing skills or understanding of how hard drives work is what stands out to me. If you guys had just said, "Hey, we're sorry, we tested the file on various systems and didn't find this issue. Let us know if we can help or if you find a solution to your issue," it would have been fine.

I came here to see if other users had this issue, discuss it with them, and work to a solution. I accept its out of your hands to determine what exactly happened with the three or four of us. I don't hold it against you guys. But each response keeps telling me I somehow did something wrong, or my understanding of something is wrong. The general progression of the thread is:

- A couple users report the same issue with the download of the installer file freezing their system and causing hard drive problems, and that hard drive capacity is reduced due to corruption during download process. Details and background are provided to PO in case they need to investigate or repair the installer file
- Users are told to empty recycle bins and that the installer is fine
- Users then told to disable AV software
- Some details provided by user overlooked, when my intent was to be informative so that people can understand, discuss, and potentially resolve the issue.
- User has to repeat and outline the problem and show proof that something did happen
- At this point its again said to not use AV software, and the discussion is derailed a bit
- After explaining the problem with communication in this thread, it's suggested that three afflicted hard drives out of 600 is acceptable.
- Now, the occurrence of this issue is questioned in the quoted section above.

All the details regarding the systems freezing for hours, rebooting, automatically running a "chkdsk", logging into windows and watching the HD space decrease in real time as the affected sectors are essentially quarantined establish the issue. The stagnation when the downloaded file was being scanned caused hard drive corruption.

So, we've gone from discussing and explaining a problem, to looking for a solution, to having a temporary workaround, to now saying the reported HDD space is actually fine, which suggests no problem occurred. As the discussion has progressed, I've gone from explaining the problem to simply needing to establish that it happened.  All of the information, details, diagnostics, etc. that I've been providing have seemingly been marginalized. I stated earlier that resolving my HD issue was not relevant to this thread, but figuring out potential causes for the download/filescan issue could be helpful for at least for preventive measures.

Just as a side note I've sought the aid of tech repair experts on another forum and run two separate HDD diagnostics:

http://www.passmark.com/products/diskcheckup.htm
http://support.wdc.com/product/download.asp?groupid=612&sid=3&lang=en

Both tests run a detailed disk verification. Run separately, both tests have failed to complete due to the presence of too many bad sectors on the HDD, as reported by the WDC tool. Here are two comments I've received:

"Test results indicate that a new drive is in order."
"Generally if the Western Digital diagnostic software is showing bad sectors then these are not likely to be recoverable. If I was in your situation I would replace the hard drive. "

I feel it necessary to include all this above information demonstrate that there was a problem, and it's not because of my understanding of HDD space. And once more I'm not making demands, assigning blame, or posting in an angry manner, but the same thing did happen to at least three of us. After all the discussion, the issue is apparently attributed to the user's understanding of HDD capacity. I don't see how anyone could draw that conclusion given all the information greenisles and I have provided. I'm really not sure how to react to this, other than having to reiterate and detail the problem once more, and point to my previous posts which include detailed accounts of what happened (which matches greenisles' case).

My frustration has stemmed from the communication aspects, rather than the technical issues I'm facing.

I am not trying to be difficult or raise a stink here, but I feel compelled to clarify all these points based on responses I've received. I've done my best to be rational and reasonable here, agreeing that the problem isn't one we could have foreseen, and it's not something that can be completely prevented. Nobody/nothing is immune from PC issues, and as a long time computer user I know that as well as anyone. I even apologized earlier in this thread for having to bring this up on launch day, since the last thing I want to do is dampen what should be a great time for you all (and it still is given the positive feedback on the game). Honestly, I hesitated to even post in the first place. I have never had any intention of blaming anybody. But I felt it was important share my experience, see if others had a similar issue (which they did), and find a solution if possible. Plus, by diagnosing the problem others may be able to avoid it. I have accepted that at this point, disabling MSE during the download is probably the best route, whenever I reach that stage. It's not optimal, and the technical side of me always wants to figure out root causes of problems, but I don't expect us to be able to accomplish that. It's more about people being aware in case they are susceptible to the same issue.

But it's some of the responses and comments I've mentioned that have troubled me. I really hope that my posts are clear enough to both illustrate the issue we had with downloading and enlighten what was problematic in the ensuing discussion.

Thanks for reading.



Cez

We truly appreciate that you've taken the time to report these issues. You'll have to excuse our ignorance regarding your skill level when dealing with technical issues --there's no way for us to know that. We are trying to work through the problem ourselves and trying to provide solutions to a problem we are no able to reproduce because it's a shame that this has happened to you.

So, it's not in our intention to offend you, or to diminish the issue or brush it aside. Everything we have offered is to try and help you through the problem you are now facing. By saying something like you have to replace a hard drive with money you don't have, makes me feel responsible for what happened. It's my natural reaction to want to help you with this issue.

I've personally seen how excited you've been about the release of this game, and how supportive you've been overall in articles and forums threads at adventuregamers, and I hate to see this happening to you on what should have been a very happy experience.

Again, feel free to contact us directly at the email provided earlier should you continue to experience issues with the product.

Thank you.


Cesar Bittar
CEO
Phoenix Online
cesar.bittar@postudios.com

snabbott

#49
Quote from: Cez on October 31, 2012, 04:34:17 PM
"This is normal, when you buy 300GB hard drive you don't have 300GB, you more likely have 280. File allocation table parameters are not rounded off to whole numbers.  The larger a drive is the more "Off" space a person will have and these number are reported differently between looking at properties on drive and data tables. "
At least part of this issue is the difference between GB (=1000 MB) and GiB (=1024 MiB), etc. Windows reports size in KiB/MiB/GiB/TiB, whereas hard drive manufacturers use MB/KB/GB. (see http://en.wikipedia.org/wiki/Binary_prefix).

I looked into this, and WinDirStat and Windows do appear to report about the same amount of disk space (actually, WinDirStat reported a little more than Windows in my case - as long as your user has permissions to everything, which appears to be the case with inm8#2).

Something I'm not clear on - is it even possible for software to create bad sectors on a hard disk? I thought that was a hardware problem, but I'm no expert. ???

Quote from: inm8#2 on October 31, 2012, 02:25:22 PM
I fail to see how antivirus systems will be "less freaked out" by a specific file in a couple weeks if, as you've said, certificates aren't being actively pursued. I don't think a lack of certificates is the issue.
I don't know about MSE specifically, but some programs rely partly on a file's "reputation" which, at the time of initial release, is nonexistent.

Steve Abbott | Beta Tester | The Silver Lining

wilco64256

Quote from: snabbott on November 01, 2012, 12:25:03 PMI don't know about MSE specifically, but some programs rely partly on a file's "reputation" which, at the time of initial release, is nonexistent.

This is accurate. MSE, Norton, and Symantec all rely very heavily on a file's overall reported reputation, so when a new program from a largely unknown developer first launches there's zero reputation at all to work with so some programs automatically assume the file is a threat and treat it as such, while others just very carefully scan it before letting it do anything.
Weldon Hathaway

spinz

Quote from: spinz on November 02, 2012, 11:31:23 PM
01:14:07 AM)


eureeka!! somebody who still has the problem try this: in the windows search bar type "uac" then click on the user account control. Turn it all the way down. (turn it back up again later!)
It specifically says that programs that are not certified with windows can conflict with the uac. so try turning it off :)

im posting my revelation here too in case it helps someone. i think this is at least very close to the problem.

ipaine

#52
Just wanted to comment on the missing space on your drives. I am not sure of this as I do not use that windirstat, but I do use treesize and have tried to figure out missing space on many systems at work. What it usually ends up being are hidden system files, namely page.sys and hiberfil.sys. Even if you think you have the page file and hibernation turned off, you might want to take a look for those two files. If they exist they are in the root of C.

To get rid of the page file then you need to change the settings for it. Now to get rid of the hibernation file it is not good enough to just turn hibernation off. You have to open up a command prompt (run as admin) and in there type this:
powercfg -h off
That will turn off hibernation and get rid of any hiberfil.sys file that may be there taking up space.

Just a thought anyways. Not sure if it will help but it is something to look out for.


Edit: Just to add to this I ran a scan on my backer exe that I just downloaded and during its scan it certainly caused hard drive space to get used up and yes the scan took a little longer to complete than it should have but it did complete. And once it had completed all the space it had used was returned. So with that knowledge I would say another source of the missing drive space would be from security essentials not killing the temp file or log file that it created while trying to scan the file. Suggest maybe using something like ccleaner to help get rid of any temp files and such.

inm8#2

page.sys and hiberfil.sys are accounted for in the root of the C:\ drive in all my screenshots (about 6 GB of "Files").

The issue was that since the system froze during the scan, all that temporary space was not accounted for (and located in what chkdsk and other diagnostics pointed to as bad sectors).

I'm trying to see if I can get those files to show up and then remove them, since they were corrupted during the download.

In another thread we've basically decided that to avoid the issue, one should turn off UAC and real-time AV protection before downloading and installing. After the game is installed, AV protection can be turned back on. I installed from a USB drive, so I never copied the installer to my actual HDD.

I can't speak for the devs and testers, but if there's a chance maybe this can be fixed for future releases. But at least we have something of a workaround.

wilco64256

Yeah I will be looking into seeing what can be done for whitelisting as much as possible in the future. There's a few things I'd note here that do make that a bit of a pain for little indies like us:

1. There's a bunch of different antivirus software programs out there and they all have a different set of hoops to jump through, and a wide variety of timeframes for getting whitelisted. Some cost a nice little chunk of change, and some can take weeks to get approved.

2. Pretty much every distributor uses their own installation file, meaning we'd have multiple files to whitelist. We're already being distributed through three sites that all would need their own files checked and verified. Every distributor that gets added makes for another file to get checked.

3. Even when you have been whitelisted, some programs will still whine about your installer and cause headaches, so even going to the above effort doesn't work in all cases.

4. When you're running on a bare-bones budget and insane deadlines, it's pretty tough to tack a couple of extra weeks onto your schedule for whitelisting. This is a lot easier for mega-AAA studios that can "go gold" on a project and then spend a couple of months on additional testing, ratings, whitelisting files, etc.

Now none of this is meant to say that we're not interested in simplifying this process as much as we can. I'll be the first to say it drives me up the wall when I have trouble installing or playing something I bought. Just keep in mind that this is our first commercial product and we're learning a few things from this release that work a bit differently than dropping a free game onto the market did. We appreciate the feedback, we appreciate the support, we appreciate your patience while we resolve unexpected kinks, and we REALLY appreciate our fans.
Weldon Hathaway

wilco64256

Quote from: greenisles on November 07, 2012, 08:03:27 PM
I still cannot play this game.

I just want to know, is Phoenix Online looking into fixing this issue, or not?  

I understand that the majority of gamers aren't running into this rather serious problem, so please don't bother mentioning that.  You've told us already, many times now actually.  Besides, it's irrelevant, because the fact still remains that there ARE customers/supporters right here who can't play a product they gave their hard-earned cash for.  And just so you know, I'm not rich, far from it.  I'm a medical student with over $100,000 in student debt, no exaggeration.  Still, I donated $60.00 to your Kickstarter campaign.  So throwing your hands up and saying, "Sorry, others don't have any problem," and pointing the finger at our computers or our antivirus software (used by millions, btw) is quite frankly, rather disrespectful.  

Honestly, I believe the way this situation was handled, specifically the responses from some of your team members, was rude and unprofessional.  If Phoenix Online is aspring to be like Sierra (or any other computer gaming company for that matter), you really have some work to do in the whole customer support/relations department.

I don't mean any disrespect.  But I feel I have a right to express my opinions, however strong they may be.  If you read my original posts in this topic up until now, I think you'll see that I was courteous and kind during the whole process.  I wanted to work with you to figure out the problem.  Instead, I was forced to spend two days getting my system back to normal, and came to this forum not to find support but instead be told, "It's not us, it's you."  Now I ask myself why I even bothered sharing my problems in the first place.

At this point I hope you can see why I'm frustrated and angry... but most of all I'm disappointed.  Disappointed in myself for supporting a project and team I couldn't quite rely on.

I haven't seen any updates from you in a few days so I'm actually not sure exactly what issue you're still running into. If you'd like to toss an email to support@postudios dot com and let us know where you're currently getting stuck with downloading or installing we can look at the issue from there. So far we've been able to get everybody else who's reported an issue up and running so we'd definitely like to help you as well.
Weldon Hathaway

wilco64256

Quote from: greenisles on November 07, 2012, 08:26:29 PM
My issue is the same as it's always been.  I can't download the file without my system going into crazy mode.  The file stops downloading at 99%, yet when I hit cancel it remains on my desktop and my system resources/SSD get hung up on *something.* Please see my original posts, as I don't think it makes sense to copy and paste what I've already said.

(Posted on: November 07, 2012, 11:24:37 PM)


inm8#2, did you get the file working?  Can you let me know what you did, or refer me to the right spot?

inm8 posted a workaround a few posts up, linked here:

http://www.postudios.com/blog/forum/index.php?topic=12498.msg345292#msg345292

Turned off UAC and real-time AV protection temporarily while installing the game, granted most people haven't had to do that, but unfortunately there's no 100% foolproof method for making sure your file waltzes easily past any antivirus system.
Weldon Hathaway

greenisles

#57
If I'm going to try this I'll have to do so on my old laptop... can't afford to lose two days of work again.  PMed inm8#2 to get more info.

Btw, does anyone know Cesar's e-mail or contact info?  Or the best way to reach him.

EDIT: Found it.

inm8#2

#58
One thing I would add is that for indie bundles like Humble Indie Bundle, Indie Royale, etc., the developers are required to provide DRM-free installer files (with few exceptions for Steam-only games).

I haven't had any anti-virus or other issue with those many different game installer files (in total I've downloaded at least 50 of them). So, while I don't think certification/white-listing is "easy", it's something that various other indie studios, big and small, have been able to achieve.

If you guys want to make this process smoother for episode 2 and beyond, I'd recommend getting info (OS, anti-virus software, user account control settings, etc.) from the backers who downloaded the file via FTP. If you can't replicate the issue, collecting this data would strongly help to identify what components of the installer's packaging/signature/other caused our AV and OS to freeze, as well as what configuration of OS/AV/UAC/etc. was most commonly or distinctly causing the problem.

Without a picture like this, I imagine it would be extremely challenging to identify and implement a specific solution.

Say



Say Mistage
Phoenix Online Studios

#IndieSupport <3