Resonic and Virus Scanners (AV)

Resonic is as clean and privacy-friendly as software can be.
Some older versions were packed to protect our intellectual property, but certain virus scanners would always report them as malicious, no matter what we've tried. The same could and does happen to unpacked software of any type. Here's some general knowledge you should have.

Table of Contents

Introduction

This page will provide you with some essential information everyone using Windows software should have and know about these days.

All builds and releases of Resonic Player and Resonic Pro are double-checked prior to release, and are digitally signed as proof of origin and integrity:

• Executable and library files (.exe and .dll) are signed using a digital code signing certificate
  
• Setup packages (.msi) are signed with the same certificate
  
• Alpha versions are usually self-signed with a temporary digital code signing certificate

While you should take your antivirus (AV) results seriously you should also learn to read the results so you don't instantly fall for false positive nonsense:

• Verify your download sources
  
• Check the digital signatures in .exe, .dll, and .msi files
  
• Avoid low-quality virus scanners
  
• Always look for consistent results across multiple virus scanners

Your only source for Resonic content should be this website.

See also: Privacy Statement

Online virus scanners

When in doubt you can submit individial files to online virus scanning services like Virus Total or Jotti's to have them checked against a broad range of different virus scanners.

Note that their behavior test suites often deliver irritating results, and what in turn can be done with software that includes any sort of file management to not be flagged becomes extremely restricted. Looking at some of the nonsensical results they might as well report Windows Explorer as malicious as it accesses all your files, reads your registry, connects to the network and the internet, handles shell functions, runs other programs, … you get the idea.

Impact on application performance

Note that AV scanners can have a serious impact on general application performance, especially reducing startup performance of programs, file access performance (which is very relevant in a software like Resonic that scans audio files for metadata and waveform content), and if your programs are very large. To avoid this you can create a folder exclusion and see if it makes a difference for you.

Stripping the protection

In 2024 we've massively reduced Resonic's DRM according to our users' overwhelming wishes.

We've removed several layers of protection and packing techniques and are now using open-source software to compress our main files, which has several benefits:

• Much reduced false positive reporting for all parts of Resonic
  
• Less overhead during operation
  
• Much improved startup speed, usually after the first start in a session
  
• More flexible and user-friendly licensing system

Of course by doing this we're willingly exposing and expecting our intellectual property to be easily pirated. However, over the past years we've built a very large following of users who appreciate our efforts in making clean, privacy-friendly software, and caring about what others don't care about.

So after all, this is fine, and the way to go.

What virus scanners report

Okay, let's move on to the possible detection results AV software may throw at you.

False Positives

A so-called false positive is when a virus scanner wrongly reports a clean file as being suspicious or infected.

AV vendors tend to over-report. For them, reporting a false positive is considered less problematic than reporting a false negative. However, there is no incentive for them to change that. Sadly the reverse is true for any other legitimate software developer.

Every single Resonic build we made up to 0.9.4 used to report something different. Seems as legit as wine tasting professionals reporting wildly different smells and tastes on the same wine.

Detected as "Packed"

An AV scanner detects a file as packed when it recognizes the file as compressed (with third party tools) or encrypted, and when it may not be able to unpack it. Unless this is true for multiple AV scanners and for the same file it does not mean much.

Aside from commercial protection software like the one we used up to 0.9.4 there are many free tools available to pack programs, one of the most famous being UPX.
Our builds starting with 0.9.5 are packed with UPX, and since it's open-source software it can readily be unpacked (more or less like a .zip archive) by pretty much any virus scanner, and as easily by any user.

Detected as "Generic" or "Heuristic"

A generic or heuristic detection is merely a guess. The file in question may look “suspicious” to whatever algorithm or “artificial intelligence” is being employed. The metrics used by the AV software are kept secret, and legitimate software developers are left in the dark as to what caused the false positive in the first place. Many false positives fall into this category.
Even programs packed with UPX (see above) are sometimes reported as generic.

Detected as "Trojan"

Looking at versions up to 0.9.4, according to some AV scanners we're the dark lords of hell, here to bring the end of existence as a whole, and we'll start by violating your system in particular, because we have nothing better to do.

It's pointless trying to reason with trojan reports generated by AV software that itself would be better classed as malicious.

Reputation and Certificates

AV scanners these days also assign a “reputation” rating to files they encounter, with unknown files (e.g., a newly released update for Resonic) being less “reputable”. This is often marketed as “cloud protection”, or something to that effect.
Behind the scenes this is part of a large money machine that drives Extended Verification (EV) certificate sales.

While EV certificates are costly and are said to "guarantee more reputable files" they don't do much more for legitimate developers and instead quietly and effectively apply a money extortion scheme.

Digital Signatures

You can Right-Click on .exe, .dll, or .msi files, open Properties, and select the Digital Signatures tab to verify the signature and origin of the file.

When you check our files, or run Setup, the publisher should always read Liqube Audio e.U..

If these signatures are absent or broken the file was meddled with.

Slowdowns and Exclusions

Aside from potentially reporting false positives AV scanners may have a serious impact on Resonic's startup speed or generally reduce the application's performance. This is mostly true for versions up to 0.9.4. In extreme cases of bug-ridden AV engines startup might take between 15 and 30 seconds.

Make sure you always update your AV scanner to the latest version.

Adding an Exclusion

To avoid having Resonic reported as a false positive, or to generally improve its performance, you can go to your AV settings and add a so-called folder exclusion for your Resonic installation folder, which usually is C:\Program Files (x86)\Liqube.

Here are some instructions:

• For Windows Defender on Windows 10 and 8
  
• For Microsoft Security Essentials on Windows 7

We would generally not recommend doing this, but seeing how Resonic is performance-oriented software artificial slow-downs introduced by other software are rather counter-productive.

GUID Warnings (Drop Targets)

One of the more ridiculous reports on "dangerous behavior" we've received regards Windows Defender and is related to so-called Drop Targets. The old method of sending file and folder names (that you wish to play, for example) to a program is to use the command-line, e.g., start Resonic.exe with a "C:\Music\Song.mp3" parameter.

A newer way — that Windows itself uses, and many other software packages do too — of sending a list of file or folder names to a program makes use of Drop Targets, each having a unique number (GUID) for identification. They act like invisible windows that you can drop your files onto, except Windows Explorer does the dropping, e.g., to play a double-clicked audio file.

Windows Defender sometimes reports the two commands Resonic uses as "dangerous". If you see a warning listing any of these, you now know what they do:

Resonic Pro uses these Drop Target GUIDs:

Resonic Player uses these:

In case you like to analyze stuff use regedit and find these in your Registry, but if you have succumbed to paranoia, remove them. Besides, you can choose to not install these Windows Explorer commands during Setup. Either way Resonic will still work, although a bit impaired in its usability.

I'll now be in my room contemplating software development.

After Setup, Resonic won't start (.exe not found)

Some AV software might remove the Resonic.exe file during installation even if falsely flagged.

The annoyance here is that it might happen quietly. We find this disturbing for some obvious reasons:

• In the case of a (real) virus find the user should always be notified by the AV
  
• If files are quietly, and possibly incorrectly, removed by the AV some content might go missing without the user ever knowing about it, months might pass before this is discovered, and by then the data would likely be gone for good

"Could not find imported function in DLL"

Some AV software, e.g. Norton products, might quietly block access certain DLLs, even if false positives. Icons of affected files might look grayed out or faded and you could receive an error message like Could not find imported function in DLL 'xxx.dll' when trying to start Resonic. In this case the DLL file was most certainly blocked by another application.

Try disabling your AV software for a few seconds and re-run Resonic to see if that helps.
If it does, create an exclusion for Resonic.

In Our Words

We put all our time into this project, and our goal is to create something awesome.

We have high standards, and compromising the relationship with our users and customers does not fit with them.

Resonic is, was, and will always be free of malicious content, or intentions for that matter.

We value privacy and integrity in software.

We always have and always will deny offers to bundle ad-ware with our software for monetization. Should you come across any website offering these kind of downloads, please let us know so we can have them taken down.

While we hope this answers your concerns sufficiently you can always get in touch.