Issue abstract:
Data Protector blocked a suspicious action by (exe). Target: C:\Windows\INF\input.inf
Detailed description:
I’m creating a Game Editor, and one of the libraries I’m using uses DirectInput, and DirectInput seems to access those files (my program does not access the input.inf directly). There should be no issue.
Product & version number: Norton 360
OS details: Windows 11
What is the error message you are seeing?
Data Protector blocked a suspicious action by (exe)
all my Data Protector bookmarks from old Community are Oops!
Maybe, Data Protector objects to unsigned/unsigned tmp files created by your Game Editor.
I’ve needed to temporary disable Data Protector to install known safe programs.
Just not worth trying to work with-around-thru Data Protector for known safe.
It uses DirectInput and apart of very popular frameworks like glfw. No other antivirus finds this a problem. It’s not on Game Install it’s when I build an .exe using .NET and use the .DLL that comes with DirectX dinput.dll which I believe iterates devices and opens input.inf and the like. DirectX does this, not my app. So Norton could find out if it came from dinput or system libraries and etc and let it happen with no warnings etc that would be great.
There’s 2 problems with this. a) I have to exclude every .exe I build, b) other people using my exe will have to do the same.
Does Norton not read these posts? This is a problem with Norton (as Norton shouldn’t be blocking access when the exe was being used from a DirectInput library).
There are Norton employees who DO read and review these threads. Not as often as we’d like. There are many reasons developers as you are having issues with files getting detected. Usage of the files/software over time and analytics are the biggest offenders. Most A/V solutions, even WD will detect each change to your creation each time it is updated. Creators should be aware of the myriad of avenues malware has to infect and propagate. Protection of the OS and file system is the main tasking.
Drop a copy of your executable here, lets see what Virus Total has to report.
Drop a copy here and have Norton review it using this article.
I’ve scanned the executable for viruses and there is none. And it’s not like Norton is popping up saying it has a virus, it’s just that it accesses input.inf and such (but my app doesn’t really access it directly, but uses DirectX’s DirectInput which in turn accesses it apparently). So any game that essentially uses DirectInput would also get flagged? But this is more for the Norton devs/support. It’s not necessarily for me too much, as I can ignore/exclude the error, it’s for the people using my .exe’s. Others have reached this issue online as well, and you can see the issues reported on Steam that their games are popping up with this issue only with Norton. So basically Norton is the only problem here.
Is this detection only happening while you are developing the software or creating updates? Are your users reporting the issue when they use the finished product?
If only when developing, is it possible that your development software has components for debugging active? If so you need to create a separate folder for your development projects and store all folders and files for a project in that folder. Then exclude that parent folder from Norton scans using the information here. Exclude files and folders from Norton scans Then test to see if you still see the issue you are reporting.
No, it happens when I build the .exe and run it. Only when developing while using DirectInput it seems. People are having the same problem running games on Steam (I’m guessing that also use DirectInput), I don’t want to link here but you can search for it easily on Google.
This is not a me problem, this is a Norton issue. Norton should be allowing DirectInput to access input.inf and the like.
FWIW!! I run multiple games / game servers on Steam and haven’t seen this issue on any of them. Nor have I seen anything posted via steam where this is happening either except for using the Steam controller. Or controllers in general with complex settings. As such that is an isolated issue to that specific hardware.
For Norton to be flagging this, the process is indeed using Windows system flags in some manner. Norton is protecting the OS. LOL ( living off the land ) infections are also common where system processes are hijacked. My thoughts are that is why Norton is nailing it.
Posting a screenshot of what you see would also go a long way toward helping find a possible solution.
The issue isn’t on my side. It only happens when I use a framework that uses DirectInput. I’m obviously not the only developer who’s apps are affected. I’ve discussed with the developer of Silk [dot] net, and you can find more information here: github [dot] com/Silk [dot] NET/issues/2273
As quoted:
Windows uses this to get a friendly name for the HID device using GetPrivateProfileStringW which in turn uses NtOpenFile. Interestingly, while this operation opens a file handle (that would usually lock the file from other accesses), this does use FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE which effectively makes it unlocked. I think your antivirus is just objecting to this file being accessed at all.
Your antivirus should not be blocking standard DirectInput functionality.
You pretty much answered the solution to the issue, using Silk. API binding and building from source is what I am trying to convey. Developers always argue its not their issue when most times, that is the case when its all said and done. Did you submit your files to Norton and Virus Total as suggested before? Those results would also be great to see for a reference.
I’m not sure you are understanding the “risk” to the OS, involved with Norton or any other A/V, arbitrarily allowing executables or otherwise, unfettered access to a protected system file. As posted before, I personally use Steam Dedicated server and client, having never seen Norton blocking access to controller configurations. Multiple machines with different hardware and configurations. Steam will tell you what you want to hear in most cases. I’ve been around Valve since the old days of WON. More than 25 years.
As a test and suggestion. Have you given removal of Norton then allowing Windows Defender active on the system as the sole A/V solution, to see if this takes place without Norton? I’m a betting man, will almost guarantee that WD will also nail it for the same reasons Norton does. Give that a go and report what your results are please.
You do know that code is not in Silk[dot]Net right? That’s what I’m trying to say. It’s a part of direct input library which is directX… Did you miss that part? Can I get an actual Norton dev here please?
Also, other games and apps experience this too. Whichever uses DirectInput (which I’ve stayed before).