A Japanese indie developer recently shared a harrowing account of their experience with antivirus software, which mistakenly flagged their game as a virus, leading to significant distribution challenges. This narrative serves as a cautionary tale for fellow developers navigating the complexities of game distribution in a digital landscape.
Spearheaded by Shiromofu Factory, the game Dungeon Antiqua was launched on October 10, 2024. Drawing inspiration from the nostalgic aesthetics of early Final Fantasy and Wizardry titles, this dungeon crawler allows players to level up their characters through monster battles. Currently available on both Windows and macOS, it has garnered a Very Positive review status on Steam.
Dungeon Antiqua trailer
Following its launch, Shiromofu Factory diligently worked on updates, bug fixes, and feature enhancements for Dungeon Antiqua. Initially, the process was seamless, but everything changed with the release of the December 6 update. Users began reporting alarming virus warnings from prominent antivirus programs such as Norton, Avast, and McAfee. The developer, known as frenchbread on note.com, described this period as a descent into chaos.
Determined to uncover the root of the problem, frenchbread discovered that the game was built using the retro-style game engine Pyxel, which employs Python for programming and utilizes Pyinstaller to create executable files. This combination seemed to trigger false positives in antivirus software, as these programs often mistake Pyinstaller-generated files for Trojan viruses due to their behavior.
In a bid to mitigate the issue, frenchbread advised users to manually exclude the game’s .exe file from their antivirus scans. However, on December 12, the situation escalated when Steam notified the developer that the game had been blocked from sale due to multiple virus reports.
To regain access to the marketplace, frenchbread requested that Steam revert to an earlier version of the game. Yet, this temporary fix left the developer in a precarious position, unable to update their game moving forward.
Taking matters into their own hands, frenchbread purchased Norton Antivirus to conduct thorough testing. They experimented with building custom bootloaders, as default options often raise red flags with antivirus systems, but these efforts proved futile. Other strategies included filing reports with antivirus companies and considering the costly option of acquiring a code signing certificate to validate the game’s integrity.
As stress mounted, frenchbread delved into the game’s code, searching for any elements that might be misconstrued as malicious. They identified that the use of Python’s “os.remove()” function, employed to delete local save files, was a significant contributor to the false virus alerts. Implementing a workaround that eliminated this function seemed to resolve the immediate issue.
However, the developer soon faced another hurdle: antivirus software retains memory of flagged URLs and file names. Despite the absence of problematic code, Dungeon Antiqua continued to be blocked. Attempts to rename the startup.exe file were unsuccessful, as the new files were still perceived as too similar to the initial flagged version.
Ultimately, a simple yet creative solution emerged: flipping the fairy image associated with the game’s file by 180 degrees. This unconventional fix allowed Dungeon Antiqua to bypass the antivirus barriers, enabling the developer to resume updates and enhancements.
Reflecting on the ordeal, frenchbread noted, “This issue was the toughest part of the entire game-making process so far, both psychologically and technically. Antivirus software wields considerable power, capable of labeling a heartfelt creation as a virus and obstructing its distribution.”
This incident underscores the myriad challenges indie developers face, from dealing with Steam Key scams to navigating the complexities of localization and the implications of Steam’s return policy on shorter games.
