The One Man MMO Project
The story of a lone developer's quest to build an online world :: MMO programming, design, and industry commentary
Battling BitDefender
By Robert Basler on 2015-10-08 00:35:05
Homepage: email:one at onemanmmo dot com

There is nothing like trying to get software running in an environment that is actively screwing with it.

[Rolling Strike Force Alpha]

I borrowed a laptop with a 3K (3200x1800) screen from a friend to do some debugging on high resolution displays. Bugs like Windows reporting the 3K laptop's screen resolution as 1067x603?!?! (I wasn't calling SetProcessDPIAware early enough.) There was an assortment of minor issues I was able to quickly fix, but when I went to test them, things really started to go off the rails.

Miranda is designed so that I can easily set up a standalone game and patch server on a PC for testing, so I set this up on my development PC, then downloaded and ran the signed and elevated installer on the 3K test PC. Easy peasy.

First try, the installer immediately stopped with an error; the log showed that the web server was returning an HTTP 403 Forbidden error code downloading laircrashreporter.exe (LairCrashReporter is a tool I wrote to - you guessed it - report crashes to Secret Lair Games). Oddly enough, checking the logs on the server, it showed 200 OK status instead. Somewhere between the server and the installer the status code was being changed. Weird.

I tried downloading the file using Mozilla Firefox and up popped an error message from BitDefender, the antivirus software installed on the 3K PC, stating that laircrashreporter.exe is in fact Gen:Variant.Kazy.721075 - a Trojan. My first concern was that my development system might be compromised despite the antivirus software it runs, but some testing quickly confirmed that laircrashreporter.exe was in fact just laircrashreporter.exe. BitDefender was reporting a false positive. I then ran laircrashreporter.exe against which tests a file against 56 different virus scanners, 8 of those reported it was Gen:Variant.Kazy.721075. That could be a problem.

Once I modified the installer to report the 403 error and point the user at their antivirus software, BitDefender mysteriously changed its MO. The next test the installer downloaded the file perfectly and it was successfully written to a temporary location while it waited to be moved to its final location. A moment later when the installer went to move the file to its final location, the installer crashed on an unhandled exception. Oops, my bad that.

Checking the log, the installer had failed trying to move the laircrashreporter.exe file to its final location because the file it just wrote had vanished. I took a look at BitDefender again, and sure enough, BitDefender had "fixed" the temporary file for me by deleting it. Awesome.

I spent a lot of time thinking about how to address these attacks by BitDefender, but in the end, all I could really do was provide additional error messages and hope the user figures it out before they contact Tech Support. Unlike a lot of software projects, Miranda verifies its installation on startup so it is guaranteed that players can't get into game with a damaged installation.
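As an added illustration (not code from Miranda or its installer), here is a Python sketch of the stage, verify, move sequence described above, written so that a file deleted or altered by security software between steps produces a status and a message instead of an unhandled exception. The function names, status strings and manifest format are assumptions made for this example.

```python
import hashlib
import os

AV_HINT = "Check your security software's quarantine log and exclusions."

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_file(path, expected):
    """Return 'ok', 'missing', 'blocked' or 'modified'; never raise on a vanished file."""
    try:
        actual = sha256_of(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "blocked"
    return "ok" if actual == expected else "modified"

def install_staged(staged, final, expected):
    """Verify the staged download, move it into place, then verify it again."""
    name = os.path.basename(final)
    state = check_file(staged, expected)
    if state != "ok":
        return state, f"{name} is {state} in the staging area. {AV_HINT}"
    try:
        os.replace(staged, final)
    except OSError as exc:  # the file can still disappear between check and move
        state = "missing" if isinstance(exc, FileNotFoundError) else "blocked"
        return state, f"Could not move {name} into place ({exc}). {AV_HINT}"
    state = check_file(final, expected)
    if state != "ok":
        return state, f"{name} is {state} after install. {AV_HINT}"
    return "ok", f"{name} installed"

def verify_installation(root, manifest):
    """Startup check: manifest maps relative path -> SHA-256; returns the files that are not ok."""
    states = {rel: check_file(os.path.join(root, rel), digest)
              for rel, digest in manifest.items()}
    return {rel: state for rel, state in states.items() if state != "ok"}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed scenario: the staged file was deleted before the move.
        print(install_staged(os.path.join(d, "x.tmp"), os.path.join(d, "x.exe"), "0" * 64))
```
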

After two days of struggles, I had to admit defeat and add exceptions to BitDefender for the locations where the installer writes files to be able to get through the installation. But the first time LairCrashReporter attempted to report a crash, BitDefender chimed in yet again with "The application laircrashreporter.exe attempted to connect to the internet using TCP protocol on port 50482. BitDefender Firewall detected malicious activity and denied access for this application." So I manually added a firewall exception for laircrashreporter.exe. This issue could probably be addressed by encrypting the crash data but I'll leave that hack for another day.

Steam has a page all about false positives in antivirus software so obviously I'm not the first developer to encounter this. Still it feels like a problem I just shouldn't have to deal with. Going through all of this made the software better, but it is sort of like the devs of Guild Wars figuring out that 1% of their game crashes are actually hardware failures. Oh, and since I'm picking on BitDefender, it is completely DPI-dysfunctional, I practically needed a magnifying glass to read it on the 3K laptop.

If any testers are using BitDefender, you will need to add scanning exceptions for:

programdata\Secret Lair Games\Miranda\Patcher

program files (x86)\Secret Lair Games\Miranda

And a firewall exception for:

program files (x86)\Secret Lair Games\Miranda\laircrashreporter.exe

By Robert Basler on 2015-10-08 17:39:39
Homepage: email:one at onemanmmo dot com
Unbelievable. I kept turning things off in BitDefender's settings, but it still kept popping up new false virus notifications. In the end I found three more things that BitDefender was causing problems with:

  1. It was preventing Berkelium (the UI library I use) from communicating with Chromium (which actually renders the UI.) The result being that the first UI screen would load, then never another afterwards.
  2. It was randomly flagging the map and patching binary data as virus-infested and blocking it during download.
  3. About 10% of TCP socket connection attempts would time out, this is about 1000 times normal.

After a lot of investigation into my game, I finally decided I had to give the game a go without BitDefender, so I called the owner of the laptop, he OK'd the experiment, and I uninstalled BitDefender. All of a sudden the game started to run!

Now I have to add a check in the installer to detect and warn the user about the incompatibility with BitDefender.
