
Program (with SFML) detected as virus/malware/trojan

I'm writing a program that uses SFML for rendering/input. The problem is that most antivirus programs detect it as some kind of malware. Some of them display the alert as soon as the program starts (even in debug mode in Visual Studio) and others when keyboard input occurs. My questions: 1) Do you have any idea why this happens? 2) How can I avoid it?

P.S. SFML is the only library I use; the rest is my code.

P.P.S. Based on the information I have, I guess this happens because intercepting keyboard events can be interpreted as a malicious action.

loodakrawa asked Dec 06 '25 14:12


1 Answer

Some applications that use DirectInput7 for handling the keyboard are sometimes detected as "keyloggers" by certain (dumb) AV software and firewalls.

If you get this problem after compiling SFML from source, your system is clean, and the virus/malware definition is a vague "generic malware", then it is likely a false positive. It is extremely rare, but sometimes compiling software triggers false positives in antivirus software (for example, compiling glib-2.0 under MinGW will produce a sea of virus alerts with Avast antivirus - every module test or program that uses gio will be detected as malware).

Of course, there's also a chance that some SFML-related DLL got infected by a virus - if you didn't compile it yourself.

compiled it myself. Avast and Microsoft Security Essentials give me a generic malware warning, and Norton removes the executable forcibly.

If you're absolutely sure that it is a false positive, then one of your antiviruses should have a list of exclusions. You could also report the library as a false positive to the AV software maintainer - otherwise, if you decide to distribute the app, your users will face the same problem. Also, I'd recommend using precompiled binaries if you're planning to distribute the app. First, it is possible that precompiled binaries won't trigger a virus alert; second, it is possible that AV software already recognizes them as "normal" uninfected executables; and third, you won't have to wait for library compilation to finish.

If the AV software has no exclusion lists, or if precompiled binaries also cause virus alerts, then you can switch from SFML to something else - like libSDL.

SigTerm answered Dec 08 '25 02:12