Most likely a "false positive", but still weird, because this was the first virus warning I ever got on a GOG game from the "built-in Win Defender".

I was restoring this game, which was locked so far. But rescanning it with VirusTotal showed me at least 4 "positive results". Now this is still not secure, because this game is "rare" and the big majority is still not detecting it. It happens sometimes, but the Defender is usually rather "easy" on scanning, with almost never a "false positive", because it does not actually detect a lot. Maybe I'll even try to deactivate it, because it seems to be more hassle than gain. I manually check unknown files using VirusTotal anyway...

This game has been installed for a good amount of time already, and this is not the first time it has been scanned; this detection is totally new.

What do users think?

https://ibb.co/NpjGxzs

Can't find out how to disable the "periodic scan"; guess MS on purpose did not want to make it available the easy way. All the guides are useless because apparently my Windows is "different"; perhaps an update changed it.
Post edited October 31, 2024 by Xeshra

Those four vendors aren't exactly known (as far as I can tell, can't see full names of those on the left), and the detections are behavioral. Or, more exactly, one doesn't list any details, two are clearly behavioral, and one lists it as grayware, so not specifically malware but potentially troublesome. Having some sort of tracker, sending "telemetry", a downloader for auto updates, not to mention anti-cheat stuff, all of those may trigger such behavioral detections, among many other things.

Depends on the method GOG used to make the game available. Some games use unofficial methods to link achievements with the Galaxy client. Some games have DRM or remnants of it hardcoded in the installation process.
It's case-by-case, as decided by each developer/publisher in question and possibly GOG through their installer or Galaxy client.

Updated for more visibility. No, the 4 who got a detection are not well known. In general I do not scan the GOG EXEs because I consider them "safe". I only scan stuff from potentially questionable sources or, in general, unknown files. So I cannot say if it may become an issue on even more GOG games, but the built-in Windows Defender at least did not start to become crazy on the hundreds of other games.

It is well known that many games got some critical behavior, for example "installing Securom or any other DRM-Rootkit inside a critical system location"... every sane virus scanner would detect it as "malware", as it is able to create serious damage or at least it can become nearly non-removable and the leftovers can over time decrease system stability. Because it has never been designed to run "inside the system" from MS, so it can be considered "junk food" for the system.

The loss of performance is not even critical for most gamers, as they may simply reduce system settings and then they say "see, it runs very great for me... just had to turn stuff down aaa little". The truly critical thing is the loss of system stability because of too much trash inside the system, over time. Then they are going to moan on a Steam review "my system was freezing or crashing"... what else, those are the true issues.

However, usually the scanners got a digital signature for games from GOG and other locations, and they may declare those EXEs, if they have not been modified, as safe, even if some critical behavior (installing tracking telemetry or comparable) has been detected. Some exotic scanners... and even the MS scanner, may still not have all the signatures available.
Post edited October 31, 2024 by Xeshra
Xeshra: Updated for more visibility
There's no need, some virus scanners get super iffy about any kind of .exe and GOG is known for using some circumvention methods that scanners also don't like. Your best option would be to open a ticket to support and explain the problem, maybe they can do something about it.

In the case of Baldr Sky, it could very well be a crack to bypass the original Japanese DRM.

Panda Dome also warned for a virus in Parkitect DLCs, something about gen/i win32 l. Not totally sure if it was that. But it had to be a false positive on a fresh Win 11.
Fonzer: Panda Dome also warned for a virus in Parkitect DLCs, something about gen/i win32 l. Not totally sure if it was that. But it had to be a false positive on a fresh Win 11.
Any "gen" detection is also behavioral, stands for generic, it found something that seems to act like the listed kind of malware (for example a trojan for gen/trojan) but doesn't match any actual signature from the database.
Many security suites may automatically whitelist signed processes to bypass such behavioral checks, or, if connected, check on-line if something triggers a behavioral alert and automatically create a rule to allow it if it reached a certain threshold of users who reported it as safe (so if the program is new or rarely used by owners of that security suite, that check will fail). Personally I want security from a security suite, warning me of anything that has any chance of being iffy, and also allowing me to control and monitor my system and how programs behave beyond what may be actually seen as malware, so I don't want any such auto-bypassing, but those who prefer a set-and-forget environment or aren't used to looking things up themselves and deciding on a case by case basis will probably prefer to set things up in that manner, with auto-whitelisting, to greatly reduce these warnings.
Post edited October 31, 2024 by Cavalary

A lot of antivirus software stopped bothering to define between a PuP and an actual virus. Back to work, you unproductive peon, stop playing that gnome tasering game!
Memecchi: In the case of Baldr Sky, it could very well be a crack to bypass the original Japanese DRM.
Not sure what you mean exactly. The EXE from GOG should be DRM-free already, unless they did improperly deactivate it so there are still many traces left. Other weird behavior is not known to me because this game is not an online game and is not using "telemetry", not that I know of.