Ayrhead Posted October 17, 2021 Share Posted October 17, 2021 Hi! I downloaded Classic99 from http://www.harmlesslion.com/software/Classic99. When I extract, Avira thinks cartpack.dll contains something named HEUR/APC and quarantines it. My understanding of emulators is very superficial and I know nothing of TI-99, my girlfriend has just played Parsec in her childhood and I'm trying to get it working on our computer Quote Link to comment Share on other sites More sharing options...
atrax27407 Posted October 17, 2021 Share Posted October 17, 2021 Most often, particularly if it is a newly released version, the virus software will reject it for "reputation exception". If you can override the quarantine on your virus protection, Classic99 is fine. I have to do that every time an updated version is released. 2 Quote Link to comment Share on other sites More sharing options...
Ayrhead Posted October 17, 2021 Author Share Posted October 17, 2021 Thanks, I restored the file from quarantine and the emulator works fine Quote Link to comment Share on other sites More sharing options...
Tursi Posted October 17, 2021 Share Posted October 17, 2021 I've gotten false positives a couple of times over the years - I used to use Avira and Trend Micro and both did it. I also contacted tech support for both, and basically got nothing but a runaround. They could neither tell me why the software triggered (especially since I built it on the same machine that later complained about it) nor what to do to prevent it. With Trend Micro I went around with support more than two months, twice (once for a work product). If you ever have a concern, you can hit https://www.virustotal.com/gui/home/upload - you can upload the Classic99.exe and it will run it through several dozen virus detection engines - it's helpful for weeding out false positives. (I thought it used to extract and scan inside zips, but when I tried it just now it didn't appear to scan inside). The details and behaviour tabs will also tell you a lot about what's going on inside. It actually runs the program and watches what files are accessed for read and write, and reports them. It's showing clean here on all engines except 'Rising' which thinks it's a trojan. I'm not sure why it thinks that, and it's impossible to find out, but the behaviour tab doesn't show anything I'd consider unusual - in particular the only file it writes is classic99.ini. On a rescan it changed it's mind, so, go figure. Full source code for Classic99 is also available at https://github.com/tursilion/classic99 - so you can also look up any behaviours you question. You can also build it yourself, but, I admit it's not been set up to be easy for someone else to build. The source is offered for educational use only, not derivative works. 5 Quote Link to comment Share on other sites More sharing options...
+OLD CS1 Posted October 17, 2021 Share Posted October 17, 2021 Any anti-virus which utilizes behavior analysis will by default find executables outside of "Program Files" and "Program Files (x86)" suspicious until determined otherwise. Most of the time the executable may take a while to launch the first time as the security software runs the binary in a virtual machine to determine if it does anything bad. AVG (Avast) cyber-capture will allow the program to interact with the user for a while, then kill the VM and restart the program proper if it determines it does nothing malicious. Quote Link to comment Share on other sites More sharing options...
Tursi Posted October 17, 2021 Share Posted October 17, 2021 28 minutes ago, OLD CS1 said: Any anti-virus which utilizes behavior analysis will by default find executables outside of "Program Files" and "Program Files (x86)" suspicious until determined otherwise. Most of the time the executable may take a while to launch the first time as the security software runs the binary in a virtual machine to determine if it does anything bad. AVG (Avast) cyber-capture will allow the program to interact with the user for a while, then kill the VM and restart the program proper if it determines it does nothing malicious. I dunno, I run a lot of software outside of Program Files that never trips, and always have. Some AV might, but not while I was a user of it. And the work software I fought with Trend over /was/ in Program Files. But I also suspect that a lot of AV increase their trust level on signed binaries, and someday I'll cough up for a cert to prove that. Now that I think about it, I also fought with Trend Micro over marking my whole website as suspicious, and specifically noting that they had reviewed it and determined it as such. They removed it when I complained but never addressed my complaint about calling it reviewed when it was clearly an automated flag.. they just kept telling me to add it to my exclusions list. Quote Link to comment Share on other sites More sharing options...
atrax27407 Posted October 17, 2021 Share Posted October 17, 2021 Norton almost always flags a new version of Classic99 as "dangerous" because it has no clear reputation. Since I download it from Tursi's site, and know that it is good, I always choose "run anyway". It is good after that - until the next upgrade. 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.