Resonic and Virus Scanners (AV)

Resonic is clean, but packed to protect our intellectual property, and some virus scanners always feel like reporting it as malicious, no matter what we do. Here's what you need to know.

Introduction

This page provides some essential information that everyone using Windows software should know these days.

All builds and releases of Resonic Player and Resonic Pro are double-checked prior to release, and are digitally signed as proof of origin and integrity:

  • Executable and library files (.exe and .dll) are signed using a digital code signing certificate
  • Setup packages (.msi) are signed with the same certificate

While you should take your antivirus (AV) results seriously, you should also learn to read the results so you don't instantly fall for false positives:

  • Verify the download sources
  • Check the digital signatures in .exe, .dll, and .msi files
  • Avoid low-quality virus scanners
  • Always look for consistent results across multiple virus scanners

When in doubt, you can submit individual files to online virus scanning services like VirusTotal or Jotti's to have them checked against a broad range of different virus scanners.

Note that AV scanners can have a serious impact on Resonic's overall performance. To avoid this you can create a folder exclusion.

Your only source for Resonic content should be this website.

See also: Privacy Statement

False Positives

A so-called false positive is when a virus scanner wrongly reports a clean file as being suspicious or infected.

AV vendors tend to over-report. For them, reporting a false positive is considered less problematic than reporting a false negative, and there is no incentive for them to change that. Sadly the reverse is true for any other legitimate software developer.

For every single new version we release, the scanners report something else. Seems legit.

Detected as "Packed"

An AV scanner detects a file as packed when it recognizes the file as compressed (with third-party tools) or encrypted, and when it may not be able to unpack it. Unless this is true for multiple AV scanners and for the same file, it does not mean much.

Detected as "Generic" or "Heuristic"

A generic or heuristic detection is merely a guess. The file in question may look “suspicious” to whatever algorithm or “artificial intelligence” is being employed. The metrics used by the AV software are kept secret, and legitimate software developers are left in the dark as to what caused the false positive in the first place. Many false positives fall into this category.

Detected as "Trojan"

According to some AV scanners we're the dark lords of hell, here to bring the end of existence as a whole, and we'll start by violating your system in particular, because we have nothing better to do.

It's pointless trying to reason with trojan reports generated by AV software that itself would be better classed as malicious.

Reputation and Certificates

AV scanners these days also assign a “reputation” rating to files they encounter, with unknown files (e.g., a newly released update for Resonic) being less “reputable”. This is often marketed as “cloud protection”, or something to that effect.
Behind the scenes this is part of a large money machine that drives Extended Validation (EV) certificate sales.

While EV certificates are costly and are said to "guarantee more reputable files", they don't do much more for legitimate developers and instead quietly and effectively apply a money extortion scheme.

Digital Signatures

You can right-click on .exe, .dll, or .msi files, open Properties, and select the Digital Signatures tab to verify the signature and origin of the file.

When you check our files, or run Setup, the publisher should always read Liqube Audio e.U.

If these signatures are absent or broken, the file was meddled with.

Slowdowns and Exclusions

Aside from potentially reporting false positives, AV scanners can have a serious impact on Resonic's startup speed or generally reduce the application's performance. In extreme cases of bug-ridden AV engines, startup might take between 15 and 30 seconds.

Make sure you always update your AV scanner to the latest version.

Adding an Exclusion

To avoid having Resonic reported as a false positive, or to generally improve its performance, you can go to your AV settings and add a so-called folder exclusion for your Resonic installation folder, which usually is C:\Program Files (x86)\Liqube.

Here are some instructions:

We would generally not recommend doing this, but seeing how Resonic is performance-oriented software, artificial slow-downs introduced by other software are rather counter-productive.
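
As an added example (not Liqube's own script), the check from the Digital Signatures section can gate the folder exclusion described here, so the folder is only excluded when every .exe, .dll, and .msi in it carries a valid signature from Liqube Audio e.U. The function name is made up for illustration, and the exclusion call applies to Microsoft Defender only, run from an elevated PowerShell session.

```powershell
# Values taken from this page.
$Publisher  = 'Liqube Audio e.U.'
$InstallDir = 'C:\Program Files (x86)\Liqube'

# Hypothetical helper: one result row per .exe/.dll/.msi found under $Path.
function Get-ResonicSignatureReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Common name of the signing certificate; empty when unsigned.
            $signer = ''
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
            }
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
                Signer = $signer
                # Valid = hash matches and the chain is trusted; the name
                # check ties the file to the publisher named on this page.
                Ok     = ($sig.Status -eq 'Valid') -and ($signer -ceq $ExpectedPublisher)
            }
        }
}

$report = @(Get-ResonicSignatureReport -Path $InstallDir -ExpectedPublisher $Publisher)
$failed = @($report | Where-Object { -not $_.Ok })

if ($report.Count -eq 0) {
    Write-Warning "No .exe, .dll or .msi files found under $InstallDir."
} elseif ($failed.Count -gt 0) {
    # Absent or broken signatures: show them and leave AV scanning in place.
    $failed | Format-Table -AutoSize File, Status, Signer
    Write-Warning 'Signature check failed; no exclusion was added.'
} else {
    # Microsoft Defender only; needs an elevated session.
    Add-MpPreference -ExclusionPath $InstallDir
    (Get-MpPreference).ExclusionPath
}
```

The same function can be pointed at a downloaded Setup package by passing the path of the .msi file instead of the install folder.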

GUID Warnings (Drop Targets)

One of the more ridiculous reports on "dangerous behavior" we've received comes from Windows Defender and is related to so-called Drop Targets. The old method of sending file and folder names (that you wish to play, for example) to a program is to use the command line, e.g. starting Resonic.exe with "C:\Music\Song.mp3" as a parameter.

A newer way to send a list of file or folder names to a program (one that Windows itself and many other software packages use) makes use of Drop Targets, each having a unique number (GUID) for identification. They act like invisible windows that you can drop your files onto, except Windows Explorer does the dropping, e.g. to play a double-clicked audio file.

Windows Defender sometimes reports the two commands Resonic uses as "dangerous". If you see a warning listing any of these, you now know what they do:

Resonic Pro uses these Drop Target GUIDs:

{8552FC39-81F5-4EBB-828A-282885CFE684} -- Play with Resonic Pro
{896560D0-399C-4A18-BC59-369C42EAAF81} -- Browse with Resonic Pro

Resonic Player uses these:

{72B699E1-7CAC-4B74-9FC9-85E326968A5D} -- Play with Resonic Player
{777D9116-4EF7-44D5-A6ED-73F59C3BB2B8} -- Browse with Resonic Player

In case you like to analyze stuff, use regedit and find these in your Registry, but if you have succumbed to paranoia, remove them. Besides, you can choose not to install these Explorer commands during Setup. Either way Resonic will still work, although a bit impaired in its function.

I'll now be in my room contemplating software development.
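
To inspect these entries without clicking through regedit, the following added example (not part of the original page) looks up each GUID listed above and reports which binary it launches and who signed it. It assumes the GUIDs are registered as COM classes under HKEY_CLASSES_ROOT\CLSID, the usual place for drop-target handlers; the page does not say which key Resonic uses.

```powershell
# Drop Target GUIDs exactly as listed on this page.
$dropTargets = [ordered]@{
    '{8552FC39-81F5-4EBB-828A-282885CFE684}' = 'Play with Resonic Pro'
    '{896560D0-399C-4A18-BC59-369C42EAAF81}' = 'Browse with Resonic Pro'
    '{72B699E1-7CAC-4B74-9FC9-85E326968A5D}' = 'Play with Resonic Player'
    '{777D9116-4EF7-44D5-A6ED-73F59C3BB2B8}' = 'Browse with Resonic Player'
}

foreach ($guid in $dropTargets.Keys) {
    # Assumption: standard COM class location; the page does not name the key.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$guid"

    # The server command line is the default value of one of these subkeys.
    $server = $null
    foreach ($sub in 'LocalServer32', 'InprocServer32') {
        $key = Get-Item -LiteralPath "$clsidKey\$sub" -ErrorAction SilentlyContinue
        if ($key) { $server = [string]$key.GetValue(''); break }
    }

    # Pull the binary path out of the command line (quotes and arguments dropped).
    $binary = $null
    if ($server -match '^\s*"?(?<path>[^"]+?\.(exe|dll))') { $binary = $Matches['path'] }

    # Check who signed the binary the GUID points at.
    $status = $null
    $signer = $null
    if ($binary -and (Test-Path -LiteralPath $binary)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $binary
        $status = $sig.Status
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
        }
    }

    [pscustomobject]@{
        Guid       = $guid
        Command    = $dropTargets[$guid]
        Registered = [bool]$server
        Binary     = $binary
        Status     = $status   # Valid when the signature verifies
        Signer     = $signer   # expected: Liqube Audio e.U.
    }
}
```

A GUID that is registered but points at a binary outside the Resonic installation folder, or at one whose signer is not Liqube Audio e.U., is worth a closer look.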

After Setup, Resonic won't start (.exe not found)

Some AV software might remove the Resonic.exe file during installation, even when it was only falsely flagged.

The annoyance here is that it might happen quietly. We find this disturbing for some obvious reasons:

  • In the case of a (real) virus find, the user should always be notified by the AV
  • If files are quietly, and possibly incorrectly, removed by the AV, some content might go missing without the user ever knowing about it; months might pass before this is discovered, and by then the data would likely be gone for good

"Could not find imported function in DLL"

Some AV software, e.g. Norton products, might quietly block access to certain DLLs, even if they are false positives. Icons of affected files might look grayed out or faded, and you could receive an error message like Could not find imported function in DLL 'xxx.dll' when trying to start Resonic. In this case the DLL file was most certainly blocked by another application.

Try disabling your AV software for a few seconds and re-run Resonic to see if that helps.
If it does, create an exclusion for Resonic.


In Our Words

We put all our time into this project, and our goal is to create something awesome.

We have high standards, and compromising the relationship with our users and customers does not fit with them.

Resonic is, was, and will always be free of malicious content, or intentions for that matter.

We value privacy and integrity in software.

We always have and always will deny offers to bundle ad-ware with our software for monetization. Should you come across any website offering these kinds of downloads, please let us know so we can have them taken down.

While we hope this answers your concerns sufficiently, you can always get in touch.