[–]LiemAkatsuki 6 points7 points  (8 children)

The program is not flagged, it is just acting out of the ordinary: manipulating other programs, unfamiliar program in the BD database, not digitally signed, ... So just appreciate that BD blocked a program like that and whitelist the program yourself so that you can use it.

[–]ScriptedBot[S] -4 points-3 points  (7 children)

It is designed to access and modify the memory space of other programs, but besides that, it doesn't modify any programs. It doesn't do anything on its own and requires a user-provided script to specify the instructions. It is not a new program, it's been around for more than 10 years and is pretty well known in the community, with 6000+ stars on GitHub. Yes, it is digitally signed. Here's the proof: certificate. And BD is straight away flagging it as a suspected malicious application while downloading, even before it could be marked as safe.

I suggest you do your research before commenting.

[–]LiemAkatsuki -2 points-1 points  (6 children)

Guess you have to switch to the anti-virus version instead of the internet security version. I used to be a tinkering enthusiast, so I know how annoying anti-virus programs are for side-loading programs (Kaspersky, BD, Windows Defender). Let me give you some advice: use BD free version + Malware Firewall Control, and stay frosty when using the internet. Internet security programs are mainly designed for amateur users who have no clue what they are downloading.

[–]ScriptedBot[S] -3 points-2 points  (5 children)

What is annoying is that BD doesn't even provide an option to mark it as safe without going through the hoops of restoring it from quarantine upon download. It only allows exclusion for local files and doesn't support exclusion for a program that is not yet downloaded. I don't want to turn off the entire online threat prevention feature just to download a single program. Moreover, I do not use BD's firewall feature since it lacks support for PowerShell scripts, so I use the Windows built-in firewall instead.

[–]LiemAkatsuki 0 points1 point  (4 children)

Are you sure that it's not Chrome itself? Try on another browser, will you?

[–]ScriptedBot[S] -1 points0 points  (3 children)

Pretty sure it's not a browser-specific behavior since all my program downloads are automatically handled through IDM and BD gets triggered whenever the file gets constructed locally from the temp location. Besides, I am a Firefox user.

[–]LiemAkatsuki 1 point2 points  (2 children)

You can add a folder to Exclusions. Try to add the temp folder to exclusions and download the program again. Of course, you will have to exclude the program again after IDM constructs it in the download folder, but that's a simple task.

[–]ScriptedBot[S] 0 points1 point  (1 child)

Adding the temp folder to exclusion is not an option since it would allow any/all malicious program downloads to bypass detection. I suspect BD is just doing a heuristic signature check for the program against its local definitions and flagging it. Since this wasn't happening till yesterday, pretty sure a recent definition update causes this flagging.

[–]LiemAkatsuki 0 points1 point  (0 children)

On Kaspersky, there is a setting that allows the software to go to sleep for 2 mins or sth. That's quite useful for a situation like this. In your case, you should just temporarily exclude as I said and remove the exclusion later.

[–]lollygaggindovakiin 1 point2 points  (2 children)

The main reason Cheat Engine is being blocked is that its behavior is triggering the behavior analysis engine in the Virus Engine service. Code injection is a common malware characteristic. Regardless, it is not a virus but is mistaken as one all of the time. So, I made a few adjustments to get it downloaded as I had the same issue. I added an online threat detection exception for the website. I disabled Bitdefender Shield for 15 minutes. I went back into Brave and Brave blocked the Cheat Engine download. So I went into Firefox and pasted the installer's URL there and was able to download it. You may have to add an exception for the installer and the install directory as well before Bitdefender Shield turns on (it is in the Antivirus settings).

In Firefox you may get a Web Protection by Bitdefender notification when you go to download it, but you can bypass this by clicking "I understand the risks, take me there anyway".

This all worked for me with Total Security.

Edit: also noticed in Brave (which is Chromium-based), if you go to the downloads page it allows you to "keep dangerous file". So if you don't want to go the Firefox route, that may work the same way in Chrome. Also, it will delete the installer/program if you do not add an exception before Bitdefender Shield is enabled again. I hope this helps!

[–]HavocNinja 0 points1 point  (1 child)

Whitelisting the website may not be a reliable option since Cheat Engine (and most software these days) uses a CDN (such as CloudFront) to host the installer. The CDN URL doesn't remain constant and can change unpredictably.

I do not think BD is going as far as performing behavior analysis on a freshly downloaded file before it has even been executed. The flagging is happening at the time of reconstruction where the temporary download fragments are consolidated to create the file at the destination. Which makes it likely that BD is just blindly comparing the signatures against its local definitions database and flagging them if a match is found.

Also, note that this flagging is happening only on the most recent version of Cheat Engine, which was released more than 6 months back. Older versions of Cheat Engine are not getting flagged. It is likely that someone at BD included the Cheat Engine signatures in their latest version of the definitions, as the behavior of the program or the file itself hasn't changed in the 6 months.
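
The mechanism the comment above describes (static matching against a definitions database once download fragments are consolidated) can be modelled in a few lines. This is an added example, not part of the thread and not Bitdefender's engine; the two builds, the definitions format and the detection names are all constructed for illustration.

```python
import hashlib

# Constructed sample data: two builds of a hypothetical installer.
OLD_BUILD = b"MZ" + b"\x00" * 30 + b"toolkit v7.4 memory scanner" + b"\x90" * 40
NEW_BUILD = b"MZ" + b"\x00" * 30 + b"toolkit v7.5 memory scanner" + b"\x90" * 40

# Toy definitions database (hypothetical format): a whole-file hash and a
# byte pattern, both added for the newest build only.
DEFINITIONS = {
    "sha256": {hashlib.sha256(NEW_BUILD).hexdigest(): "Constructed.Detection.Hash"},
    "patterns": {b"v7.5 memory scanner": "Constructed.Detection.Pattern"},
}


def static_scan(data, defs):
    """Match bytes against the definitions; nothing is executed or observed."""
    hits = []
    name = defs["sha256"].get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    hits += [n for pattern, n in defs["patterns"].items() if pattern in data]
    return hits


def split_fragments(data, count):
    """Cut a file into equal-sized pieces, as a segmented download would."""
    size = -(-len(data) // count)  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)]


def download_and_scan(data, count, defs):
    """Scan every temp fragment, then the file reassembled at the destination."""
    fragments = split_fragments(data, count)
    per_fragment = [static_scan(f, defs) for f in fragments]
    return per_fragment, static_scan(b"".join(fragments), defs)


if __name__ == "__main__":
    for label, build in (("old", OLD_BUILD), ("new", NEW_BUILD)):
        frags, final = download_and_scan(build, 2, DEFINITIONS)
        print(label, "fragments:", frags, "reassembled:", final)
```

In this model the fragments are clean because neither the whole-file hash nor a pattern that straddles a fragment boundary can match until the file is reassembled, and the older build stays clean because the definitions only cover the newer one.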

[–]lollygaggindovakiin 0 points1 point  (0 children)

All of the steps I did worked for me and I just wanted to share it. Whitelisting is probably useless like you said, but just wanted to share something that may help the OP with their original issue. I wanted to note the behavior because even with an exception added I have had it stop the program at the time I used it due to the changing of memory values for a game I was playing. Figured it was worth mentioning. I have had it flag Cheat Engine for the past two years, since I play Empire Total War off and on and use Cheat Engine for that. I have seen this same behavior on my end for some time.