Author Topic: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?  (Read 13470 times)

Codewalker

  • Hero of the City
  • Titan Network Admin
  • Elite Boss
  • *****
  • Posts: 2,740
  • Moar Dots!
Some of the most common problems people encounter setting up and upgrading Paragon Chat have to do with antivirus, antimalware, and other security scanning software. Step 1 of the troubleshooting procedure is almost always "Disable your AV for the install, and add an exception once it's complete."

Occasionally people ask me why they have to do this. If Paragon Chat is safe, why does it need to be excluded? What about it makes virus scanners so unhappy? So I thought I'd toss up a forum post outlining the reasons that people can point to if needed.

First of all, Antivirus stopped being about blocking specific threats a long time ago. Signature-based AV just can't keep up in a world where dozens of new threats appear every day. Now it's all about two things: Reputation and Heuristics.

Reputation is about who you are. If a piece of software comes from a huge vendor like Microsoft or Apple, and is signed with their certificates, AV is much much more likely to trust it and let it get away with anything it wants. Almost nobody has ever heard of a tiny little fan site called Titan Network, and the software that they make isn't run by very many people. We're certainly not on any AV vendor's known good list. On launch day you might very well be the first person in the world running new code under the scrutiny of whatever brand of AV you use.

This is actually a big problem for small software shops trying to compete in the commercial software arena as well. More and more AVs are defaulting to throwing up scary warnings about or even outright quarantining anything they don't recognize, because it's easier than actually detecting real threats. Small software shops get shafted by that, because it makes non-technical users afraid to run their software when it sets off all of the 'not made by Fortune 500 company' alarms. Just google for 'small developer antivirus' and you'll find a litany of complaints about it.

Heuristics is the other way that many AV scanners operate. They do static analysis of code and attempt to guess if it's malicious or not by seeing what it does. Anyone who is familiar with computer science and the halting problem knows that determining this 100% reliably is a proven unsolvable problem, so they make a best effort guess. It's not always right.

Paragon Chat does a lot of things that are considered 'potentially dangerous' and set off heuristic scanners:
  • It downloads executable files from the Internet for the self-update mechanism.
  • It regularly communicates with third-party servers.
  • It runs and manages independent subprocesses, and communicates with them over loopback network sockets.
  • It accesses data that it didn't install, that exists elsewhere on your hard drive (the pre-existing COH client data and executable code).
  • The client process (new in 1.0) uses dynamic code generation as well as self-modifying code extensively. AV scanners really hate both of these, because static analysis simply doesn't work when the program is writing code on the fly. But it's necessary in order to integrate with the binary-only COH client and allow it to be extended.

CW, you ask, why don't you simply fix Paragon Chat to not trigger these heuristics? Well, two reasons. The first is that Paragon Chat is doing something very complicated and off the beaten path. It's using code and data from other software in ways that its designers never anticipated or intended. It really does need to do all of those scary sounding things to make it happen, there's just no way around that.

The second is that AV companies don't tell anyone how their engines work, or how to modify software to avoid detection. After all, if they did that, the bad guys would just modify their malware to avoid it as well.

So at the end of the day, if you want to run Paragon Chat you have to make a conscious decision to trust us over what your AV software is saying. All we can do is put it out there and leave it up to the community to form their own consensus of whether or not we're deserving of that trust.
« Last Edit: April 03, 2016, 05:06:59 AM by Codewalker »

Pillezwei

  • Underling
  • *
  • Posts: 4
  • I am Superpille. A German idiot from Hamburg.
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #1 on: April 17, 2016, 03:37:26 PM »
And HOW do I stop Avira (Antivir) from detecting and blocking Paragon Chat?
I am Superpille. A German idiot from Hamburg, hello.
How can I help?
Pillezwei - Superpille.
Watch this: https://www.youtube.com/watch?v=6bd3Cvtvhgs
Just for fun! :D

Manga

  • Elite Boss
  • *****
  • Posts: 334
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #2 on: April 17, 2016, 05:12:25 PM »

Do virus alerts happen less often if PC is installed via one of the launchers?


Pillezwei

Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #4 on: April 17, 2016, 06:27:35 PM »
So I made some exceptions for Paragon Chat and now it gets a bit further. I thought I got it and then, at the last minute, second even.... there comes this error of
"XMPP was unable to connect!

Make sure your XMPP login information is correct."

I don't even know what that means, but thanks for the help anyway. :D

Okay, that was just my fault, I put in the wrong password or name, that happens.

But now it says:
"Failed to launch client!"


I assume that's worse. ^^
« Last Edit: April 17, 2016, 07:05:02 PM by Pillezwei »

General Idiot

  • Elite Boss
  • *****
  • Posts: 648
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #5 on: April 18, 2016, 02:21:13 AM »
You have to add both ParagonChat.exe and ParagonChatClient.exe as exceptions. Or just make it everything in the folder outright. You probably missed the client, that's what usually seems to cause that error message.

Codewalker

Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #6 on: April 18, 2016, 02:31:39 AM »
Quote
You have to add both ParagonChat.exe and ParagonChatClient.exe as exceptions. Or just make it everything in the folder outright. You probably missed the client, that's what usually seems to cause that error message.

^^^ That.

We can't legally distribute a modified version of the COH client, because we don't have the rights to distribute the client itself.

Some of the new features in Paragon Chat 1.0 and beyond require/will require a modified client in order to deal with things that the Paragon devs hardcoded, since for them it was a simple recompile to change it.

The only workable solution right now is to create a dynamic loader on the fly that can apply the patches in-memory on the user's machine.

Some Antivirus software really, really doesn't like that. There's nothing really that can be done other than exclude it once it is created, submit it as a false positive, and hope for the best.

Pillezwei

Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #7 on: April 18, 2016, 06:49:21 PM »
I already did.
Both files are in there.
But it's possible that Avira has already taken some files into the vault. Hmmmm....

Pillezwei

Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #8 on: April 24, 2016, 06:25:15 PM »
Still doesn't work, it says "Failed to launch client!"
Without Avira complaining, because all the (important) files are in the exceptions. What did I do wrong?

Lucretia MacEvil

  • Guest
I've got Norton 360 and I'm incredibly bad at software stuff.  Getting a different antivirus is not really an option.  Can you help me?  I really want to see the City again!

TimtheEnchanter

  • Elite Boss
  • *****
  • Posts: 1,466
  • There are some who call me... Tim?
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #10 on: May 12, 2016, 07:54:09 AM »
With AVG I've found that it's best to temporarily disable all virus scanning until the client launches. The exceptions will prevent it from killing the exe files but I think Paragon Chat also creates a temp file at launch, and that will always cause virus scanners to wig out. If everything else is set as an exception though, I 'think' the antivirus will stop whining as long as you don't reactivate it until the game client has loaded. This is the most hassle-free solution I've been able to find without leaving your desktop open to threats the entire time you're playing.

stibs84

  • Underling
  • *
  • Posts: 2
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #11 on: May 31, 2016, 06:56:12 PM »
Long time lurker, extremely rare poster. I submitted ParagonChatClient.exe to Avira Virus Lab. They replied with the following:

Quote
The file 'ParagonChatClient.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

I recommend users of other anti-virus software submit ParagonChatClient.exe and/or ParagonChat.exe for review to their respective anti-virus developers/maintainers. If nothing else, it'll save others a bit of worry.

AeternalDreamer

  • Underling
  • *
  • Posts: 6
Re: FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?
« Reply #12 on: July 27, 2016, 09:14:58 PM »
Well. This bug has caused me a -lot- of aggravation. AVG antivirus seems to believe Paragon Chat.exe is a trojan. Now, this is odd because I put the whole COH folder as an exception, so it shouldn't be detecting it at all I'd think. I tried adding the .exe as an exception as well but it still detects it as a trojan. I -could- turn off my antivirus while I play, but it'd have to stay off otherwise it'd kick me off, like it did earlier when I restarted my antivirus.

Any help or enlightenment would be appreciated, thank you for your time.

EDIT: I got it working. I was confused when I read a topic about the trojan thing, as I didn't see the ParagonChatClient.exe, I ended up removing my old ParagonChat.exe exception and going to C:\Users\UserName\AppData\Roaming\ParagonChat\bin and making exceptions for the two .exe's there. SEEMS to be working now, though I still had issues when I used the exception for the exe in my coh folder.
« Last Edit: July 27, 2016, 09:33:34 PM by AeternalDreamer »
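
The exclusion steps worked out in this thread, written as a script for Microsoft Defender. This is an added example, not code from any poster or from Titan Network. Defender is an assumption (the thread only covers Avira, AVG and Norton, which are configured through their own interfaces), and the install path is the one quoted in the post above.

```powershell
# Added example: per-file Microsoft Defender exclusions for the two Paragon Chat
# executables named in this thread, instead of excluding a whole folder.
# Assumptions: Defender is the active AV, and the files live in the per-user
# path quoted above (%APPDATA%\ParagonChat\bin).
# Run from an elevated prompt opened as the same user, otherwise %APPDATA%
# resolves to a different profile.
#Requires -RunAsAdministrator

$binDir  = Join-Path $env:APPDATA 'ParagonChat\bin'
$targets = 'ParagonChat.exe', 'ParagonChatClient.exe'

# Exclusions already configured (may be empty).
$existing = @((Get-MpPreference).ExclusionPath)

foreach ($name in $targets) {
    $path = Join-Path $binDir $name

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # A missing file usually means it has not been generated yet or the
        # scanner has already quarantined it; restore or reinstall first.
        Write-Warning "$name not found in $binDir (check quarantine, then re-run)"
        continue
    }

    # Record exactly what is being trusted, so a later unexpected change to
    # the excluded file can be noticed by comparing hashes.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
    Write-Output "$name  SHA256=$hash  Signature=$sig"

    if ($existing -contains $path) {
        Write-Output '  already excluded'
    } else {
        Add-MpPreference -ExclusionPath $path
        Write-Output '  exclusion added'
    }
}
```

Keeping the printed hashes makes it possible to tell after an update whether an excluded file changed, since the scanner will no longer inspect it.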