What is the main cause for SFML triggering anti-virus software?

[Me-Myself-And-I]

Hello, I was wondering if the main causes for SFML triggering anti-virus software could be improved upon in this respect. I'm not sure on what are all the causes for anti-virus false positives. Someone had suggested that the cause could be sf::Keyboard because this is detected as keylogging. Alternatively sf::Event does not get seen as such. As far as the keylogger mistake, I made a very simple function that just stores the event input so that an external function can detect a keypress.

Like so:

namespace Key
{
        bool keyStates[sf::Keyboard::KeyCount];


        bool Get(sf::Keyboard::Key key)
        {
                return keyStates[key];
               
        }
       
       
        void update(sf::Event &e)
        {
                //handle key press
                if (e.type == sf::Event::KeyPressed) {
            int keyCode = e.key.code;
            if (keyCode >= 0 && keyCode < sf::Keyboard::KeyCount) {
               
                keyStates[keyCode] = true;
            }
        }

        // Handle key release
        if (e.type == sf::Event::KeyReleased) {
            int keyCode = e.key.code;
            if (keyCode >= 0 && keyCode < sf::Keyboard::KeyCount) {
               
                                keyStates[keyCode] = false;
            }
        }
        }
       
};
 

I'm not aware if the problems with anti-virus false positives was fixed in SFML 3 or not but this is what I have for SFML 2. What do you think? Is sf::Keyboard only one of several issues or not. Or is sf::Keyboard not even the culprit?

[eXpl0it3r]

There isn't a singular cause. Anti-virus software uses lots and lots of different heuristics and code signatures. Whether your binary triggers such a heuristic is impossible to say or predict.
Signatures might match with some tool that used the same Windows API as SFML and that might already be enough.

Avoiding sf::Keyboard::isKeyPressed() and potentially sf::Mouse::getPosition() are a good idea, because they use "global" APIs and aren't restricted to a specific window, as such are often used for "spying" on the users. Which is why on macOS you need to explicitly granted monitoring access to the application to be able to utilize them and Wayland doesn't even directly offer certain functionality.

If you want your applications to not be flagged, you may submit it to virustotal and open false-positive reports with the AV companies that wrongly flag it.
If you're really serious about this, you can sign your application with a certificate, but this usually requires some sort of legal entity and money.

[Me-Myself-And-I]

Okay

[kojack]

For a long time now the Win32 function GetAsyncKeyState has triggered various antivirus programs, as it could be used as a keylogger.
SFML uses GetAsyncKeyState in both isKeyPressed and isMouseButtonPressed.

[Me-Myself-And-I]

Good to know.