If you are like me and have no skill in regards to modeling assets, this can help! a lot of assets on the toolbox have viruses, which, is a huge problem, but it can be extremely useful to have quick access to high quality assets.
This script will detect a script that is unprotected and in: Workspace, Lighting, ReplicatedStorage, ServerScriptService, Players, and ServerStorage.
To protect a script, add a bool value (or really any object) as a child of the script and name it “protected”. If you do not do this to a script, the game will freak out and the script will be destroyed.
Script:
local workspaceStuff = game.Workspace:GetDescendants()
local lighting = game:GetService("Lighting"):GetDescendants()
local replicatedStorage = game:GetService("ReplicatedStorage"):GetDescendants()
local players = game:GetService("Players"):GetDescendants()
local serverStorage = game:GetService("ServerStorage"):GetDescendants()
for i, v in ipairs(workspaceStuff) do
if v:IsA("Script") and not v:FindFirstChild("protected") and not v.Disabled then
v.Disabled = true
warn("UNPROTECTED SCRIPT DETECTED IN WORKSPACE: "..v:GetFullName())
end
end
for i, v in ipairs(lighting) do
if v:IsA("Script") and not v:FindFirstChild("protected") and not v.Disabled == true then
v.Disabled = true
warn("UNPROTECTED SCRIPT DETECTED IN LIGHTING: "..v:GetFullName())
end
end
for i, v in ipairs(replicatedStorage) do
if v:IsA("Script") and not v:FindFirstChild("protected") and not v.Disabled == true then
v.Disabled = true
warn("UNPROTECTED SCRIPT DETECTED IN REPLICATEDSTORAGE: "..v:GetFullName())
end
end
for i, v in ipairs(players) do
if v:IsA("Script") and not v:FindFirstChild("protected") and not v.Disabled == true then
v.Disabled = true
warn("UNPROTECTED SCRIPT DETECTED IN PLAYERS: "..v:GetFullName())
end
end
for i, v in ipairs(serverStorage) do
if v:IsA("Script") and not v:FindFirstChild("protected") and not v.Disabled == true then
v.Disabled = true
warn("UNPROTECTED SCRIPT DETECTED IN SERVERSTORAGE: "..v:GetFullName())
end
end
I recommend putting it in ServerScriptService but you can really put it anywhere.
Um… sophisticated viruses are able to bypass this by hiding in nil, you know. Also, scripts don’t run inside of ServerStorage/Lighting/Players/ReplicatedStorage, so there would be no risk if a malicious script was hiding there. Additionally, most plugins like hiding malicious scripts in ServerScriptService… this is sorta cool but in practice not even remotely helpful (more like to cause problems for legitimate scripts in any of these locations). Even if it did detect scripts, they can easily forcefully set script.Disabled = false under a .Stepped binding, so you should call :Destroy() instead (doesn’t always work either, if there are two scripts, they can forcefully clone each other upon deletion, thus preventing script deletion).
not v.Disabled == true
when executed looks more like
(not v.Disabled) == true
so you should just write not v.Disabled.
imo simply whitelisting anything with a child named “protected” is terrible if you want this to be an effective antivirus
another thing - you are calling error() so if there is more than one “virus” (ie workspace) then the script will immediately stop running after erroring… this is not helpful
also some models do have real scripts in them that are necessary to make something work so blindly disabling them is just closed-minded av-wise
tldr: this doesn’t deserve to be called an antivirus since it won’t work 99 times out of 100
This is a horrible av, it defeats the purpose of avs which is to detect and kill threats while all this does is delete everything that doesnt have a value.
I see exactly where you are coming from, and honestly, I agree. But it works for me. I’m working on making it better but I thought some people might find use.
another thing - you are calling error() so if there is more than one “virus” (ie workspace) then the script will immediately stop running after erroring… this is not helpful
I realized that tonight, I’m working on a v2 that’ll be done in like an hour
(also applies to “> so you should just write not v.Disabled .”)
also some models do have real scripts in them that are necessary to make something work so blindly disabling them is just closed-minded av-wise
The purpose of this that is stupidly not listed in the post as of now is to make it so you can protect scripts that you know aren’t viruses in free models, it’s more of a notification rather than an av which I stupidly classified it as
so you should call :Destroy()
Yeah, disabling was dumb.
scripts don’t run inside of ServerStorage/Lighting/Players/ReplicatedStorage
The reason for these locations being checked is I personally store things in there for further use and lets say I inserted a free model chair into server storage to be later cloned into workspace, I’d want to know if there were scripts in there
Overall, I made this poorly and I hate myself for even posting it. I’m lucky to have received good feedback and once I’m done revising it hopefully people will actually like it.
It’s helpful to know that good antivirus scripts already exist as plugins or instructions a person can follow (ctrl+shift+f for any require calls), so my advice to you is to probably abstain from updating this and instead redirect people to something like this or this.