Defcodert — Anti-Virus / Anti-Backdoor Plugin [FREE]

Resources Community Resources
, , , ,
#1

1000×325 21.2 KB

Discontinued

The plugin is no longer being updated, due to my new and better projects.

:hammer: Install Plugin

Has your game ever been infected with a virus that you just can’t find among everything else?
In any case, there are many free models on Market Place right now, but some of them contain malicious scripts. Their purposes are different - some are harmless lag scripts, some are dangerous backdoors, but sometimes they are hard to find on their own, so there are anti-viruses on the marketplace, and this is one of them!

Defcodert is an antivirus that scans scripts in multiple ways - more than 15 scanner functions! Many things are implemented in it that are not implemented in other anti-viruses. See by yourself!

Differences from the others

Why Defcodert, not the other antiviruses?

📹 Scanner

Defcodert has a smart scanner that will listen to you - want to detect only require() function? Go to settings and disable other types! Disable ANY type of threat if you don’t think you need it.

✨ UI

Honestly, I haven’t seen any antivirus with the same smoothness of windows. That’s why Defcodert antivirus is perfect in terms of usability!

⚡ Speed

Scanning speed is >1200 objects/second. Very fast, right?

🐇 Line Jump

Navigate to the line that caused the suspicion for almost every check parameter. You can easily select the cause of suspicion and jump to a line of code.

🔰 BG Scanning

Defcodert scans your game in the background and you will be notified if anything is detected.

🍂 Sensitivity

Select the sensitivity for specific types of threats so that the scanner works the way you want it to work. Read more about this feature in special section! (Tutorials → Sensitivity)

📲 One plugin - one widget

I don’t like having many buttons on the plugin panel, so Defcodert has one button with all the stuff. ONE!

💡 Update reminder

Have you ever had your plugins simply become obsolete? You just forget to check for updates, and so do I!
Defcodert won’t let you be in old protection - it will offer you to update your plugin if it notices that there is a newer version!

🐣 Easy change

Easily modify the Whitelist by deleting objects; easily modify quarantine scripts directly in the plugin by deleting or adding to the whitelist; easily change plugin settings in the same widget!

🛂 Plugin actions under control

The plugin will never remove/modify the script on its own without your consent. If the plugin thinks the script is suspicious, it will quarantine it automatically and send you a notification in the editor window. You can easily click on the notification - the widget will open immediately with an open threat.

⏹ Disable the plugin in specific places

When opening a new location for a plugin, you can choose whether to create a plugin folder and enable the plugin, or not to create a folder now or never run in that location (the plugin will create an object with a special deactivation key that cannot be faked by other plugins)

Functions

Plugin functions:

  • Detection of 11 types of threats by normal scanner + 8 by Advanced Scanner;
  • Move scripts to quarantine;
  • Automatic scanning of objects that you add;
  • Manual start of scanning;
  • Choice of which types of threats to respond to;
  • Object whitelisting;
  • Easy selection of all items in quarantine for action (delete/add to whitelist);
  • Detailed scanning progress;
  • Incredibly fast scanning (>1200obj/s);
  • Detailed explanation of why an object is a threat;
  • Smooth windows animations;
  • Jump to sus Line;
  • The plugin will remind you to update the plugin.
Types of threats what it detects
  • HttpService
  • InsertService
  • Site Names in scripts
    like Discord or GitHub
  • require()
  • getfenv()
  • loadstring()
  • Getting Game Info in scripts
    Like “game.CreatorId” or “game.PlaceId”
  • Long Lines of code
  • Already Known Viruses Names like “RotateR” or “Webhook”
  • Endless Loops
    while true do end
  • Hexadecimal numbers
  • Advanced Scanner
    See more at Advanced Scanner Section
Type of threat: Advanced Scanner

Advanced Scanner is a collection of several types of checks, which include checking for:

  • lag/troll activity
  • Backdoor activity
  • Downloader activity
  • Bad ID or Virus developers’ names (incomplete, but there is some)
  • Player teleportation actions
  • Buying action
  • Large script (>3000 lines of code)
  • Obfuscated code (too many actions on one line)

Note: If you want to disable a specific type of threat detected by AdS, click on the three dots next to the Advanced Scanner setting.

Versions

:star:- interesting / big update

v1 ~2/04/2023
  • Plugin is Created
v2 25/04/2023
  • Types of threats’s descriptions rewrited
v3 26/04/2023
  • Notifications UI has improved
v4 08/05/2023 Global Update! ⭐
  • :star:Added sensitivity for certain types of threats;
  • :star:New UI: Settings;
  • :star:Added ability to see analytics!;
  • :star:Added tutorial;
  • :star:Dialog boxes: confirmations, messages, select response;
  • New Threat Attribute in Quarantine: New;
  • Ignoring places has been improved;
  • Stability improved;
  • Added more virus names;
  • Removed “Details” button;
  • Bug fixing.

Thanks for the ideas and concepts to @vopwn55

v4.1 11/05/2023
  • Bug Fix

Instructions / Tutorials
Startup dialog window

Startup dialog window

When you open a new place for the plugin, a dialog box appears:

Dialog Window
Dialog Window875×415 42.8 KB

If you click “Ok, create” then the plugin will start working as usual and create local data for this place as a folder in ServerStorage.

If you click “Not now” then the plugin will simply do nothing, it will stop at this point. The next time you open that place it will offer to answer that question again.

If you click “Not here” then the plugin will create a unique code, save it to the plugin settings (maximum codes: 32) and create a StringValue named: “Defcodert will be disabled as long as this object exists” and equate its value to the same code. The plugin will stop at this point. The next time the plugin won’t open the dialog box, it will stop.
Note: having renamed the object with the code, Defcodert will ask you again.
Note: if you will have more than 32 codes, Defcodert will delete the oldest one, which can cause an error: E91

Analitycs Setting ALPHA

Analitycs

The plugin by default collects some data for statistics, but does not send it anywhere. Analytics collects data such as:

  • amount of time spent in the studio in seconds:
  • number of plugin launches;
  • number of widget openings;
  • number of scripts scanned;
  • number of threats;
  • amount of whitelisting;
  • number of quarantined objects deleted;
  • amount of openings of scripts from the plugin.

Note: with updates statistics can be expanded

Sensitivity

Sensitivity

Select the sensitivity for specific types of threats so that the scanner works the way you want it to work. Sensitivity, as you can guess from the name, affects the sensitivity of the plugin to the threat. You can choose whether the sensitivity is global or local. (The default sensitivity is global, medium)

Sensitivity in settings
Sensitivity in settings252×646 25.8 KB

Global sensitivity affects all the parameters at once, that is, if the sensitivity is global - all sensitivity parameters will be changed by this number, but it will not be visible.
Local sensitivity allows you to change each sensitivity parameter independently. For example: sensitivity to require() can be set to medium, and sensitivity to names to low, etc.

How does sensitivity affect specific types of threats?

require()

Low: a threat if there is a number in brackets, but no punctuation marks.
Medium: threat - if there is a number in brackets.
High: if there are brackets next to the function.

names

Low: critical similarity percentage = 95%
Medium: critical similarity percentage = 90%
High: critical similarity percentage = 85%

There is 5+ types that support sensitivity!

The others work on a similar principle, I think you understand the logic of sensitivity. If you are interested in knowing more, write down what you are interested in knowing.
Thanks to @vopwn55 for idea with sensitivity!

Tired of changing TextLabel to TextButton?
Instantly switch between any classes with this free plugin:

Logo Switcher

Just to remind you, Defcodert is in BETA, which means it can crash at times) But this never happens!

📩 Leave comments with your opinion - for example: what do you think of the plugin's functions, UI... If you notice a bug or have any type of question - I'll answer it.

Thanks for reading! Really!
8 Likes
#2

I feel like whilst this tool might be beneficial for some users, it doesn’t add any features which would benefit any high lever coder. Not to mention it flags a bunch of stuff which are not threats to begin with.

My criticisms really are:

  • A predominant number of the things it scans are not viruses to begin with.
    I’ve concluded that 11/20 threats your thing scans, appear in my code which I have created and I know it is not a virus because I made it. Frankly high level coders or even old coders will use this stuff typically.
  • Most the stuff you have can be done in a Ctrl + Shift + F search - why do I need a plugin to do this for me, its a one time process for a lot of coders who need to remove viruses.
  • Your system claims it has speed, but the value you have presented is system dependent - not to mention I feel like by removing a bulk of your operations the process could still be faster.
  • No future proofing in your system, their is no guarantee to any user that your system will not be used maliciously in the future - as none of the system is in a repository either, their is no way I know your current system is not malicious, its even more suspicious as its free.
  • I will spend more time setting up your plugin, then actually the time gained from checking these things myself.
  • Supports the idea that the user should be informed about how to inspect code, your system denominates good and evil based on the presence of things.

I can’t honestly recommend this but its good you’ve actually made a smooth anti-virus plugin.

2 Likes
#3

Hello clu! I really appreciate your detailed feedback on everything, it really helps me. This is my first plugin and I understand that it is far from perfect. I will respond to each of your comments as best I can:

On the whole, I agree with you. The number of false positives is very high.
This is due to the large number of checks of the script. This is also due to the fact that the plugin is configured by default to be as secure as possible. The settings are your decision.

I don’t agree with that - constant Ctrl + Shift + F adding items from marketplace can get very tedious. The plugin is not designed for a one-time check, but for constant tracking of added objects.

The speed of the plugin really does depend on the system… In my case, it is instantaneous. I tested it on real, long scripts (about 1000 pieces) and it handled it in a second! Did you read my code? :neutral_face: I think the code is very dirty for you! Despite this, the plugin is still faster than its competitors.

I can’t prove that the plugin is correct and honest. But if someone is afraid to use it, let them install it locally. If I make it payable, would you believe me that it is fair?)

I don’t think setting up the plugin is long, less than 30 parameters in the settings! The fact that it has many settings is even a plus for the plugin. Or do you want 2 settings: require() and getfenv() like some outdated plugins?

Haha! That’s really true, I’m thinking of removing this nonsense altogether. I added it at first as a quick instruction, but then forgot to edit it properly.

Anyway, you’re the first person to leave a review! Thank you for accurately pointing out the shortcomings of the plugin! I really appreciate it! )
That last sentence was very nice! But despite this, the plugin is still (in my opinion) slightly better than the competition. (Although for a parent, their child is always the best)

3 Likes
#4

Heh, I always had an .rbxl file with about 40 or so virus scripts collected from 2016 to 2022, always waiting for an antivirus to test it. So I decided to install your plugin, and check out what it finds in the test game.

First off, I think the tutorial UI can be improved and it should respect the window size of the widget it’s in.

After completing the tutorial, the plugin IMMEDIATELY started alerting me:

image
image1012×513 158 KB

Which is a good thing, however there should be a setting to disable background scanning for low-end devices which may lag a lot.

As for detection, 35 out of 40 viruses were flagged:
image
(below are the remaining ones)
image
Which is absolutely amazing for a Roblox anti-virus, especially the fact that it was able to find obfuscated viruses too.

However, as @6Clu pointed out, this antivirus also flags completely innocent scripts. I revisited one of my older game projects and immediately 14 scripts (which I myself coded) were flagged, mostly by the “advanced scanner”. So there’s still room for improvement.

Nevertheless I’m glad that a new antivirus was developed after such a long time, and with actually good-looking UI. I hope that this antivirus can be improved and succeeds in the foreseeable future!

2 Likes
#5

Wow! A truly magnificent review! You have given me a lot of happiness!

  1. thank you so much for your plugin test, I unfortunately don’t have such a magic folder, so your test made me happy.
  2. Yes, I’m just thinking about improving “notifications”! You reminded me of that horror!))) You’ve prompted me to consider the size of the window in the tutorial - thanks!
  3. Background scanning can be turned off in the settings, it’s just signed as: “Scan Added Objects” and “Scan on Start”, so you probably didn’t find it.
  4. About 14 scripts - although the plugin has a lot of false positives… as they say: better safe than sorry))))

I’ll try to live up to your expectations in the foreseeable future! Thank you so much for writing a good review, it’s very nice to read!

1 Like
#6

I’m glad you enjoyed my review! Here are some suggestions that may help you:

  1. Make it so notifications don’t take up most of the screen, and maybe limit them to only 3 at a time.

    image
    image986×512 86.9 KB

  2. Your settings interface is quite confusing. You should make it obvious to the user how to reduce scan sensitivity:

    image
    image439×750 49.5 KB

  3. You should insert the top 100 or so models from the Toolbox, and search up some most common queries, and add the viruses that show up to your antivirus. That’s a good practice since some of the most popular virus types to date will be blocked. Also, try to detect obfuscation in scripts (e.g. lililililil type of variable naming triggers the alarm).

Good luck with your plugin!

1 Like
#7

IAmVo, hello again!

  1. Notifications. I really liked this idea, it looks clean and very clear, it’s also easy to implement and really improves the user experience.
  2. Sensitivity. This idea is very good, it solves the problem of too complicated interface and too many false alarms (which many people don’t like), and what you’ve done in the picture looks amazing! I will try to expand on this idea: for example - sensitivity is global or there is a different sensitivity for each setting.
  3. Detecting new viruses: ok, I’ll try to do that and update the list of virus names regularly.

Your concept arts looks great - especially the scanner sensitivity. I will try to add these features in the near future (1-3 weeks, as adding sensitivity will be a challenge) - all ideas are very good. Thanks for your hard work, IAmVo! ;]

1 Like
#8

You should also be able to whitelist certain scripts, or scripts in certain places. Some scripts will use HttpService, and require. One of my scripts uses getfenv to set the script variable to nil to prevent Lua from complaining.

If something is moved to the quarantine, it should save the location the script was in so you can easily move it back if needed. I don’t know if that’s already added!

1 Like
#9

Blueberry, hello!

  1. The WhiteList system is already in Defcodert! The demo video shows the WhiteList-ing process!

  2. When Defcodert finds a threat, it moves it to quarantine, storing the object’s parent object in a special folder and some more information. On WhiteList-ing an object from quarantine Defcodert automatically moves it back to the parent, if the parent is no longer there, Defcodert will move it to Workspace!

I hope I have understood you correctly, and have answered your questions correctly.

#10

📃 Update log - Defcodert v4 08/05/2023

🍂 Sensitivity!

Choose the sensitivity for some parameters to make the plugin work the way you want it to.
Thanks for idea to @vopwn55

💡 Analytics!

The analytics of the plugin is visible! See the analytics and enjoy!

🍡 Tutorial!

Added a tutorial for easier learning of the plugin!

:pushpin:Read more in the: “Versions” → v4 08/05/2023

2 Likes