MacReiter: Just out of curiosity, could someone who has successfully installed the game upload the TOEE.exe file to virustotal.com and let us know which AV engines gripe about it?
psicat: Symantec, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, ViRobot, VirusBuster, Norman, nProtect, Panda, PCTools, Prevx, Rising, Sophos, Sunbelt, McAfee, McAfee-GW-Edition, K7AntiVirus, Jiangmin, Ikarus, F-Prot, eSafe, Emsisoft, Comodo, CAT-QuickHeal, AhnLab-V3, AntiVir, Antiy-AVL, Authentium
Wow. Not that I use any of those, but that's quite a few to be triggering.
Best guess -- TOEE is wrapped in an EXE encrypter/packer in an attempt to slow down hackers. At one point, that was a valid thing to do (I know -- I did it to a program that I've developed and sold), but in the last few years, a lot of the antivirus products have blanket marked any program using an encryption/packing wrapper as suspicious, because it means that the scanner can't get to the "real" exe to see what it is / does.
Oddly, if that is the case, it means that either GOG unpacked it, removed DRM, and repacked it (highly, highly unlikely), or the DRM was handled through an external system outside the packed TOEE, which means all the hackers (and GOG) had to do was replace the external system with one that said "yep, we're all good".
Of course, I'm just theorizing about all of this... It could be that Troika tried to do their own counter-hacking code, using self-modifying code or something, and that's what's setting off the virus checkers.
ro_lland: But we are also customers of GOG. We have purchased the software in good faith that it will be compatible with our software. The TOEE description does not include a disclaimer: does not work with most antivirus software. GOG used an old crack to remove DRM; this crack shows up as a Trojan on scanners. If they had used something else, there would be no issue.
(I'm going to start off somewhat argumentative, but also read to the end where I retract my entire earlier statement)
Technically, you purchased it in good faith that:
1. It would work with your operating system (no guarantees anywhere about other software, simply because there are too many variables)
2. It would not contain a virus/trojan/malware
It would appear that there is no actual malware involved. While a lot of AV programs are complaining, there are also a large number of very well known scanners that are absent from the list above. To my eyes, that list consists of a lot of products that are known for false positives and a lot of products I've never even heard of.
As for how the DRM was removed -- I would definitely want to have that nocd crack checked very thoroughly. But really, unless the publisher is willing and able to unwrap the exe, that's as good as it's going to get. Back in the early days of GOG, some of the claims suggested that they had somebody on the team that lived and breathed for reverse engineering and direct binary patching. Not so much. And publishers rarely (never?) have the code and tools and so forth necessary to recreate a DRM-less version of the software (and would be unwilling to spend the necessary effort even if they could, as it would consume a large hunk of any profits made via GOG sales through labor cost -- GOG's primary benefit to publishers is that it costs them nothing but permission to have another source of money coming in). So things like this have to be done via external nocd cracks.
Now, if there were multiple nocd cracks available for TOEE (I haven't looked), then it would have been nice to use the least "alarming" one :)
ro_lland: All I ask from them is to use this link: http://www.mcafee.com/us/threat_center/dispute/dispute_form.asp and notify McAfee that software published by GOG is not a virus.
And proof that my entire "McAfee only listens to customers" argument is completely invalid.
Although I will point out, having just gone to that site, that it asks a lot of questions that I have not seen answered in any of these posts, which would make it difficult for GOG to fill out said form:
Product and version:
Engine Version:
DAT Version:
Detection type as given by McAfee: (this one is not required, but when I pop down the list I find it interesting that it lists cracks and keygens. This strongly suggests that this is not a false positive, but something that they are actively trying to kill. If that _is_ the case, they will ignore the dispute, because the file is exactly what they say it is -- a cracked version -- and they don't want cracked versions to exist. This is probably because they themselves use DRM and wish to support all other DRM users and "hurt" pirate users. This would also explain why the commercial AV scanners are tripping, and the free ones are not so much. Though, again, I'm extrapolating wildly here...)
I believe that would be enough info for GOG to submit on your behalf.