Pop the same file through VirusTotal and see what comes back. Defender will sometimes flag shit just because it performs activity that MS doesn’t like.
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
Here is a quick guide on how to use Virus Total for pirated software https://rentry.org/Guide4VirusTotal
That's not precisely a false positive because they're not telling you it's infected with anything.
What they're saying is just "hey, this is a crack", which you already knew. As for why they do that:
-
Many of these AV solutions are meant to be used in a business environment, where a crack would be unwanted software. (I mean so would any game, but you definitely want to know if someone is dumb enough to be downloading and installing cracked games on a computer meant for business, which puts the company at risk.)
-
A lot of cracks - even legitimate ones - do stuff that causes malware algorithms to ping on it (modifying other arbitrary software, or interferes with stuff as it's being run in an odd manner, or is modified in a way that creates unreachable code and other stuff that a compiler wouldn't normally produce, say.)
-
AV is trained by actual human researchers who investigate files like the above. Most likely when they come across a crack that set off their algorithms they just go "eh it's a crack, we're not going to bother investigating it further" and toss it in that bin because realistically pirates aren't the ones paying their bills.
So it doesn't mean the software is unsafe, but it doesn't necessarily mean it's safe either, so to speak. It's "no reading."
I would recommend putting it through clamtk, but I am not familiar with VirusTotal.