Why is Windows Defender is saying my failed C tictactoe project might be malware?

[VirusDumb]

 

God dammit I know my code sucks they didnt have to roast me like this, anyways can someone explain why this happened like, I know it's false positive but it only happened with this programming did I fuck up and do a memoery leak or something, I use dev c++ with a tdm-gcc 4.9.2 64 bit

 

and this is the code, I actually wrote this when I was first learning C and didnt touch it that's why it doesnt really do anything apart from just exit, I'll fix it myself later own just need to know what I did here that would make it a malware

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<stdio.h>
#include<stdlib.h>
int main()
{
	char arr[3][3],i,j;	
	printf("Enter the elements:\n");
	
	for(i=0;i<3;i++)
	{
		for(j=0;j<3;j++)
		{
			arr[i][j]='|';
		}
	}
	printf("Your elements are:\n");
	for(i=0;i<3;i++)
	{
		for(j=0;j<3;j++)
		{
			printf("%s ",arr[i][j]);
		}
		printf("\n");
	}
	/*
	for(i=0;i<3;i++)
	{
		printf("Enter the vales of [%d] row: ",i);
		for(j=0;j<3;j++)
		{
			scanf("%s",&arr[i][j]);
		}
	}
	printf("Your elements are:\n");
	for(i=0;i<3;i++)
	{
		for(j=0;j<3;j++)
		{
			printf("%d ",arr[i][j]);
		}
		printf("\n");
	} */
	return 0;
}

 

[Eigenvektor]

Most likely it's a combination of the app being unsigned, located in the program folder and potentially matching some heuristic about memory access patterns.

 

Defender can't see your source code, so it can't do any form of static code analysis and search for memory leaks or similar (nor is that its purpose in the first place). It just checks the binary against know virus signatures and different heuristics. A tiny executable that just writes to memory before exiting likely matches some bad behavior patterns.

[Haswellx86]

First of all, the program throws a segmentation fault because at line 23, you are trying to print each value of the array as a string instead of a character, and so printf() is accessing something out of bounds of the memory and so the program crashes. Replace %s with %c.

 

Fix your includes, no need for stdlib.h and string.h, and include each only once.

 

And the rest of the implementation is not how I would write the game.

 

First using #define, to define characters like O, X, - (with added spaces so you don't have to print spaces manually) as the marks to print them. Once you print the empty board, ask player one (using a boolean value to switch the player turns) to enter the X and Y coordinates in integers of the board to at the place in the board, place player one's assigned mark. After this, you are going to need to write a function (or just inline it) to check if either player has won. Using loops, check each row and then each column if either player has their continuous marks, and also check the diagonals as well. And run this in loop (condition for a while loop can be a boolean value which will switch if the checking function declares a win) as also switch the boolean value for the next player.

 

As for the malware reporting, it's Windows, a Mi**osoft product, what do you expect? Grow up, use GNU/Linux.

 

It's just a false positive. Perhaps because printf was accessing out of bounds memory, it threw that warning.

[FlyingPotato_is_taken]

Just some AI triggering it.

Without looking at the code likely this is due to the debugging information/hooks.

[Mark Kaine]

It's probably because it's unsigned and more importantly unknown...

 

I once had it flag and *block* a mod I made myself on the very same PC, because I had downloaded it from the mod website to check as a "zip" file...

 

It kept doing this for several days, then stopped doing it...  (I also reported it several times for false positive)

[VirusDumb]

3 hours ago, Haswellx86 said:

First of all, the program throws a segmentation fault because at line 23, you are trying to print each value of the array as a string instead of a character, and so printf() is accessing something out of bounds of the memory and so the program crashes. Replace %s with %c.

 

Fix your includes, no need for stdlib.h and string.h, and include each only once.

 

And the rest of the implementation is not how I would write the game.

 

First using #define, to define characters like O, X, - (with added spaces so you don't have to print spaces manually) as the marks to print them. Once you print the empty board, ask player one (using a boolean value to switch the player turns) to enter the X and Y coordinates in integers of the board to at the place in the board, place player one's assigned mark. After this, you are going to need to write a function (or just inline it) to check if either player has won. Using loops, check each row and then each column if either player has their continuous marks, and also check the diagonals as well. And run this in loop (condition for a while loop can be a boolean value which will switch if the checking function declares a win) as also switch the boolean value for the next player.

 

As for the malware reporting, it's Windows, a Mi**osoft product, what do you expect? Grow up, use GNU/Linux.

 

It's just a false positive. Perhaps because printf was accessing out of bounds memory, it threw that warning.

also I declared i and j as char types then assigned int value to them in the loop, but yea i think it could be because of the printfs

[VirusDumb]

3 hours ago, Eigenvektor said:

Most likely it's a combination of the app being unsigned, located in the program folder and potentially matching some heuristic about memory access patterns.

 

Defender can't see your source code, so it can't do any form of static code analysis and search for memory leaks or similar (nor is that its purpose in the first place). It just checks the binary against know virus signatures and different heuristics. A tiny executable that just writes to memory before exiting likely matches some bad behavior patterns.

that's not the main program folder, it's a folder i created in a different drive for saving programs which I code, and yea it makes sense it's my weird memory acess patterns

[VirusDumb]

3 hours ago, Haswellx86 said:

As for the malware reporting, it's Windows, a Mi**osoft product, what do you expect? Grow up, use GNU/Linux.

I'd but I still wanna play videogames and have windows for that, but my 512gb SSD is already filled to the brim and there's barely enough space to download a mordern AAA singleplayer game let alone dualboot, the main issue is, I don't have the cash now for a bigger SSD and I'm too much of a pussy to open my HP victus gaming bloatbox laptop up and replace the SSD before warranty runs out, the plastic is too fragile and delicate

 

 

for my current linux needs I use WSL 

[manikyath]

3 hours ago, Haswellx86 said:

As for the malware reporting, it's Windows, a Mi**osoft product, what do you expect? Grow up, use GNU/Linux.

ah yes.. windows marks everything as a virus and is only used by children..

 

---

 

on topic, antivirus software in general is always very touchy about "unknown" things, and oddities like including the same library twice probably doesnt help that. in a very dumbed down view, antivirus software gives software a "score", and the higher it gets, the more "potentially dangerous" it is assumed to be. an executable it hasnt seen before is a point, some odd program behavior might be another point, the location might be another point, and at some point it has enough singular points to just barely hit the treshold. and what you see is your antivirus essentially saying "hey i dont recognize this, do you?" - that's why it's "potentially unwanted" and a threat level of "low".

 

i see this a lot when i play old games, because in the late 90s game engines often had weird ways of drawing 3D scenes, and they're not common executables at all these days so they're flagged constantly.

[Haswellx86]

40 minutes ago, VirusDumb said:

also I declared i and j as char types then assigned int value to them in the loop

That is fine, and probably better. A char data type in C/C++ is just an integer with 1 byte of memory, meaning it can hold values from -128 to 127 or 0 to 255. You can totally use char for storing integer values when you know the value is not going to exceed the 1 byte's limit.

 

See, that's why I encourage people to learn the inner workings and fundamentals rather than just learning how to use something. I encourage people to mess around with stuff in C to learn about it better.

 

The last thing I tried was to create a function pointer to a user defined function, assigned an int pointer to the function pointer, and de-referenced the int pointer, assigning an integer value to that memory where the function was defined. I then tried to call that function, and I get an illegal instruction error, the first time I have seen that one. I basically corrupted my own memory of my function. C with pointers give you so low level memory access, you can completely manipulate your whole code at runtime.

[Haswellx86]

@manikyath

 

Patterns can raise suspicion, but is the program actually doing anything that could harm? In this case, it's a really bad false positive. The only way to know what caused it if @VirusDumb tells if fixing that printf statement made it go away or fixing the includes did it. Man, these are just rookie programming bugs, I can't believe that Defender could flag them as malware.

 

Man I am just so glad and happy that GNU/Linux exists. I am not stating that you don't need security software for GNU/Linux, and I was recently discussing about it, but as a conclusion I shouldn't be needing one. My main beef with Windows is the performance, and if I be honest, even on a new and capable system (i5 13400), Defender sucks. If I disable it, Windows does become much more usable for me (but still not enough). 

 

I reject Windows just like that lady rejecting the ROG Phone from the iPhone users switching to Android video. Just slide it away, in disgust. Sadly enough, I need to play games and have to learn programming for Windows so I need to sneak in a dual boot. Wish me luck that I come out sane...

[manikyath]

1 hour ago, Haswellx86 said:

Man I am just so glad and happy that GNU/Linux exists. I am not stating that you don't need security software for GNU/Linux, and I was recently discussing about it, but as a conclusion I shouldn't be needing one.

the only reason you dont "need" security software on linux is because the userbase is essentially zero, so there is very little reason to make end user facing malware for the platform.

 

beyond that, the notion to ditch windows because defender is careful about a potentially questionable executable is ridiculous. literally all OP needs to do is to click "allow on device", and move on with life.

 

1 hour ago, Haswellx86 said:

Patterns can raise suspicion, but is the program actually doing anything that could harm? In this case, it's a really bad false positive.

since you spend your day praising "GNU/linux" on a forum i assume you're very knowledgeable, and you know that malware these days does a lot of effort to "act as normal software" while deploying the payload as sneakily as possible. if a piece of software does something abnormal it makes sense to put the brakes on and ask the user for confirmation that they know what they're doing.

 

it's the same debate as REX (Request to EXit) sensors on automatic doors, do you open the doors at any movement at all, so that no one ever has to stand waving in front of a closed door carrying a heavy box.. or do you have sensors looking for a more specific thing that might occasionally not open a door for someone, but also doesnt let in bad actors using a can of compressed air. (look it up, it's hilareous)

 

security software has always tended towards the side of preferring occasional user annoyance over missing threats. unfortunately, in the example of rex sensors... some facilities are HILAREOUSLY insecure.

[Haswellx86]

1 hour ago, manikyath said:

beyond that, the notion to ditch windows because defender is careful about a potentially questionable executable is ridiculous.

No, that is no the point. It would be better if Defender is more careful (not better performance wise), but I was stating that I just don't need to care about it. I don't need to use any security software so I don't care if Defender is less or more careful. I don't need to deal with security and the performance loss that comes with it. So that is a valid reason to ditch Windows if you are fed up of Anti-malware precautions.

 

1 hour ago, manikyath said:

since you spend your day praising "GNU/linux"

Yes. 

Also it's Linux not linux. See, even my browser gives the red squiggly line.

 

1 hour ago, manikyath said:

i assume you're very knowledgeable

Comparing with whom? My college mates? I am a computer genius to them. An actual software engineer? I may not be exactly knowledgeable and don't have my skills that sharp but I get the idea. Like I don't even know how to code in Python but if I wanted to I could learn it in a couple of hours. Some highly qualified IT engineer, cyber security expert, etc, I don't come close to being that knowledgeable. And with you? I don't know what your background is. And I am also young. Knowing something about computers is different that just being older and having experience of life.

 

1 hour ago, manikyath said:

since you spend your day praising "GNU/linux" on a forum i assume you're very knowledgeable, and you know that malware these days does a lot of effort to "act as normal software" while deploying the payload as sneakily as possible. if a piece of software does something abnormal it makes sense to put the brakes on and ask the user for confirmation that they know what they're doing.

Yes that might be true, but just look at the innocent code above. It's obviously a false positive, and that is a bad thing but not a high priority to solve it and indeed better than comprising security. It is not playing with registry or trying to access memory of other program, or well, yeah that printf() function did access out of bounds memory which is why it could have been flagged as a malware. I don't know. Defender could be taking high precautions, and you security sensitive people running Windows can do whatever you would like with Defender, and I don't need to argue as well because I run GNU/Linux.

 

In the older days I used to spend so much time making Windows not suck. Now I just do it the proper way which is to use GNU/Linux. If I need to help anybody with this, I too recommend them switching to GNU/Linux rather than playing with Windows.

[manikyath]

28 minutes ago, Haswellx86 said:

It's obviously a false positive

it's obvuiously a false positive to you, me, and OP. that's the point of the "allow this on my device" button. it clearly did something to reach the treshold of a flag, and if your response to this is "uninstall defender" you've completely missed the point. do you also rip out your car alarm when it goes off because some idiot with zoomies drove past?

 

29 minutes ago, Haswellx86 said:

and you security sensitive people running Windows can do whatever you would like with Defender, and I don't need to argue as well because I run GNU/Linux.

what.. does that even mean? is this just a high horse argument for the sake of showing off your high horse?

 

30 minutes ago, Haswellx86 said:

In the older days I used to spend so much time making Windows not suck. Now I just do it the proper way which is to use GNU/Linux.

and you dont spend time making whatever flavour of linux run to your desire, and never have any issues running anything on linux at all that requires your time?

 

i use both windows and linux daily, and in my opinion as long as you dont try to actually interfere with core aspects of how windows is designed to work there is VERY little time investment needed.

 

on the flip side, i essentially dont update either of my linux boxes at all, because i dont have the time for "installing updates is user error". it a very good ecosystem, it's just that the attitude of the community around it is absolutely rotten. i have things to do in life, and those things are not troubleshooting the damn media box i use to play youtube videos on a 15 year old TV. it's never been an issue when it was on windows, for the sake of experiment i put it on linux, and it's been a problem every f*cking day.

[Haswellx86]

46 minutes ago, manikyath said:

it clearly did something to reach the treshold of a flag

Yes it did, but at the end it is a false positive. The code is right in front of you.

 

46 minutes ago, manikyath said:

and if your response to this is "uninstall defender"

I LITERALLY never said to uninstall Defender. You can run Defender, you can run Windows, why do I care? And if you would be quoting this -

9 hours ago, Haswellx86 said:

it's Windows, a Mi**osoft product, what do you expect? Grow up, use GNU/Linux.

A) It's my general hate towards Windows, and not me being bad about Defender being over protective. But it indeed is a false positive and regarding the innocence of the code, isn't impressive.

B) I have some humor mixed sometimes. Try to identify it rather than expecting professional output from me. OP can use Windows, I state just to clarify.

 

46 minutes ago, manikyath said:

what.. does that even mean? is this just a high horse argument for the sake of showing off your high horse?

I just clearly stated that if you want to put up with Defender you can. I don't need to argue as I am on Linux. If I were on Windows, disabling Defender is a risk I would definitely take, for my use. But I don't need to be guilty as I am on Linux.

 

46 minutes ago, manikyath said:

and you dont spend time making whatever flavour of linux run to your desire,

Can you make Windows run as you desire? Windows doesn't even provide such customization and control. This is a different thing.

 

46 minutes ago, manikyath said:

and in my opinion as long as you dont try to actually interfere with core aspects of how windows is designed to work there is VERY little time investment needed.

Your experience and expectations are different obviously. That "in my opinion" definitely helps. You get to keep your opinion and I get to keep mine. Happy?

 

46 minutes ago, manikyath said:

"installing updates is user error"

No? When that happens the distro devs including the beta testers are responsible.

 

46 minutes ago, manikyath said:

it's just that the attitude of the community around it is absolutely rotten.

??? Were you bullied by toxic Arch superiority complex users?

 

46 minutes ago, manikyath said:

it's never been an issue when it was on windows, for the sake of experiment i put it on linux, and it's been a problem every f*cking day.

So don't run it on Linux? I guess you are just stating it, but regarding the context, if you are linking it to me, I don't care if you run Windows or Linux. Do whatever suits you.

[ieleja]

get:

https://sourceforge.net/projects/orwelldevcpp/files/Compilers/TDM-GCC/TDM-GCC 4.9.2 (4.9.2-tdm64-3).7z/download

 

and compile this  .c code

scan with Windows 10 Defender

sent to Virustotal:

https://www.virustotal.com/gui/file/e6ce78596785a1b11e462ce601536f706e1c0a862c74fe72944d53ad71a5469c?nocache=1

 

how repeatable all this is for you?

 

 

 

[VirusDumb]

On 3/24/2025 at 6:54 PM, ieleja said:

get:

https://sourceforge.net/projects/orwelldevcpp/files/Compilers/TDM-GCC/TDM-GCC 4.9.2 (4.9.2-tdm64-3).7z/download

 

and compile this  .c code

scan with Windows 10 Defender

sent to Virustotal:

https://www.virustotal.com/gui/file/e6ce78596785a1b11e462ce601536f706e1c0a862c74fe72944d53ad71a5469c?nocache=1

 

how repeatable all this is for you?

 

 

 

yes I am actually indeed using dev cpp and used that to compile that code

 

 

 

does it have to do with it?