Malware Heuristic on some games question

Carnov

New Member
Feb 5, 2019
There are some games I've noticed pop up in my antivirus (Malwarebytes), claiming to be a malware called malware.heuristic.1001. The thing I've noticed is that all of them are the same type of virus (malware.heuristic.1001), only game.exe got quarantined, all of them came from this site, and they're all Japanese games. No other files are quarantined.
My question is, are they actually viruses to be concerned about, or are they just false positives? Assuming they are false positives, should I block them from connecting to the internet via firewall just to play it safe?
 

Flecc

Member
Donor
Sep 3, 2018
Tricky one. It could be a false positive or it could be a real nasty. It really boils down to how much you trust the source of the file, and even then it's not a guarantee. Best advice would be to run it in a virtual environment and see what happens; at least that way, if there is a problem, it is not going to affect your main operating system.
 

Carnov

New Member
Feb 5, 2019
Tricky one. It could be a false positive or it could be a real nasty. It really boils down to how much you trust the source of the file
Ain't that a predicament. I guess the firewall is out of the question. Just a heads up, all the games that got this problem came from this site. No mod files and such from outside sources are present.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
[...] only game.exe got quarantined, [...] and they're all Japanese games.
So I guess that they're all RPG Maker games.
There's a high chance that it's a false positive then, not because there aren't RPG Maker games that can be corrupted, but because there's a schema behind those alerts; it's always the same game engine, and always with Japanese games.
Test one of the game.exe files with , and look at what it says. The fewer anti-viruses detecting something, the more likely it's a false positive.
 

Carnov

New Member
Feb 5, 2019
So I guess that they're all RPG Maker games.
There's a high chance that it's a false positive then, not because there aren't RPG Maker games that can be corrupted, but because there's a schema behind those alerts; it's always the same game engine, and always with Japanese games.
Test one of the game.exe files with , and look at what it says. The fewer anti-viruses detecting something, the more likely it's a false positive.
So I tested them there and all of them are undetected, which funnily enough includes Malwarebytes, in the detection tab. So I guess it's safe to say they're clean?
Out of curiosity, what made them be detected as viruses in the first place? What exactly made them false positives? I've got a bunch of Maker games and they're not detected. One thing I notice is, for the most part, the clean ones have the same default icons.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
[...] which funnily enough includes Malwarebytes,
Probably time to update your version then, or take a look at the update feature if it's supposed to be automatic.


So I guess it's safe to say they're clean?
Totally safe.


Out of curiosity, what made them be detected as viruses in the first place? What exactly made them false positives?
There are two ways to detect viruses and malware. The most used nowadays is to do a behavior analysis, but the historical way is still used a lot of the time. And this way is to look for a particular signature (a sequence of bytes expected to be unique to this or that virus/malware).
But both methods aren't perfect. A piece of software isn't just code, it's also data, and data can be absolutely anything, including a sequence of bytes matching either a virus/malware signature or a specific behavior. And it's not always possible to discriminate between code and data, which leads to false positives from time to time.
As each anti-virus tends to have its own signature and behavior database, using a site like VirusTotal permits having a better view over this; as I said previously, the fewer anti-viruses detecting something, the more likely it's just a false positive.

As for why those particular games and not others... Well, there are many versions of RPG Maker, probably some revisions (bug fixes) within a particular version, and also possible differences depending on the localization. As it's software made by a Japanese company, there's surely a Japanese version and an international one, each having its own set of data.
 
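The two points made in the reply above (a plain byte signature can match inside a file's data section just as well as inside its code, and the proportion of engines that agree is what tells a false positive from a real detection) can be shown with a toy scanner. This is an added example written for this thread, not code from Malwarebytes, VirusTotal or RPG Maker; every signature, engine name, file layout and threshold in it is constructed for the demonstration and is not a real detection rule.

```python
"""Toy byte-signature scanner plus a multi-engine consensus check.

Everything here is constructed: the signatures are meaningless byte strings,
the 'engines' are just different signature databases, and the file layouts are
stand-ins for an executable with an embedded data asset. The point is to show
(1) a signature hit on bytes that are data, not code, and (2) how a
'how many engines flagged it' ratio separates a lone hit from broad agreement.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence the engine believes is unique to one family


# Five constructed signature databases, one per imaginary engine. Note that
# EngineA and EngineC look for the "same" family but with different patterns:
# C requires two trailing null bytes, so it is stricter than A.
ENGINE_DATABASES: dict[str, list[Signature]] = {
    "EngineA": [Signature("Toy.Family.A", b"\xde\xad\xbe\xef\x13\x37")],
    "EngineB": [Signature("Toy.Family.B", b"MAGIC_ROUTINE_42")],
    "EngineC": [Signature("Toy.Family.A", b"\xde\xad\xbe\xef\x13\x37\x00\x00")],
    "EngineD": [Signature("Toy.Family.D", b"EVIL_PAYLOAD_TAG")],
    "EngineE": [Signature("Toy.Family.E", b"\x90\x90\x90\x90\xcc")],
}


def scan_bytes(data: bytes, signatures: list[Signature]) -> list[str]:
    """Return the name of every signature whose pattern occurs anywhere in data.

    A plain substring search has no notion of code vs. data, which is exactly
    why an image or a save-format blob can trigger it.
    """
    return [sig.name for sig in signatures if sig.pattern in data]


def build_toy_game_exe(embedded_asset: bytes) -> bytes:
    """Constructed stand-in for a game executable: header, tiny code stub, then a data asset."""
    header = b"MZ" + b"\x00" * 14
    code_stub = b"\x55\x89\xe5\x83\xec\x10\xc9\xc3"  # made-up bytes standing in for code
    return header + code_stub + embedded_asset


def multi_engine_scan(data: bytes) -> dict[str, list[str]]:
    """Run every engine's database over the same file, like an aggregation site would."""
    return {engine: scan_bytes(data, sigs) for engine, sigs in ENGINE_DATABASES.items()}


def detection_ratio(results: dict[str, list[str]]) -> tuple[int, int]:
    """(engines that flagged the file, engines consulted)."""
    flagged = sum(1 for hits in results.values() if hits)
    return flagged, len(results)


def assess(results: dict[str, list[str]], fp_threshold: float = 0.25) -> str:
    """Turn the ratio into the thread's rule of thumb. The threshold is arbitrary."""
    flagged, total = detection_ratio(results)
    if flagged == 0:
        return "undetected"
    if flagged / total <= fp_threshold:
        return "likely false positive"
    return "broad agreement"


# Constructed files. The 'suspect' one is clean by construction: its only hit
# comes from an image-like asset that happens to contain EngineA's 6-byte pattern.
CLEAN_FILE = build_toy_game_exe(b"\x89PNG\r\n\x1a\n" + b"\x01\x02\x03\x04")
SUSPECT_FILE = build_toy_game_exe(
    b"\x89PNG\r\n\x1a\n" + b"\xde\xad\xbe\xef\x13\x37" + b"\xff\xff\xff\xff"
)
# This one carries patterns that several independent databases agree on.
BROAD_FILE = build_toy_game_exe(
    b"\xde\xad\xbe\xef\x13\x37\x00\x00" + b"MAGIC_ROUTINE_42" + b"EVIL_PAYLOAD_TAG"
)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_FILE), ("suspect", SUSPECT_FILE), ("broad", BROAD_FILE)):
        res = multi_engine_scan(blob)
        print(label, detection_ratio(res), assess(res), res)
```

Running it shows the suspect file flagged by exactly one of the five databases (the stricter EngineC pattern does not match because the asset bytes after the pattern are 0xFF rather than nulls), which the ratio rule reports as a likely false positive, while the file that three databases agree on is reported as broad agreement. Real engines do much more than substring matching, but the data-versus-code ambiguity and the value of comparing several engines' verdicts are the same.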