
Topic: What if AV picks up Your LEGIT closed-source .exe? (Read 858 times)

full member
Activity: 162
Merit: 100
Reich mir die Hand
More than likely it's been picking up on the heuristics of what your code is doing and flagging that as an issue. Several compilers have workarounds to deal with it; as an example, Dev-C++ is notorious for setting off AVG. You might want to consider changing your compiler to another one as well; often the signature of open source compilers (if you're using one) might use a consistent CPU flag that AVs are monitoring for. Check the support forums for your compiler and the support forums for your compiler; it's more than likely someone has the same issue as you do too.

Fantastic, thank you, @coverme! In fact, it was the compiler, which was free software. Compiling exactly the same code in MS VS 2013 didn't trigger the AV. And I'd expect an open-source compiler to be more "AV friendly", simply because its source code is known to them. But nah. I think I'll stay with Visual Studio from now on.
sr. member
Activity: 434
Merit: 253
Could you upload it to VirusTotal and share the link?

legendary
Activity: 1512
Merit: 1057
SpacePirate.io
I've come across this experience a few times, but I've experienced it with other, mainly new, executables too. When it happened to me, I usually let the clients do a detailed security analysis on it, for instance with Anubis, and uploaded that as proof that my executable was legit. But that's an uncomfortable situation to go through. What should I do if one or more AVs detect the .exe of my application as suspicious/malware (false positively)?

More than likely it's been picking up on the heuristics of what your code is doing and flagging that as an issue. Several compilers have workarounds to deal with it; as an example, Dev-C++ is notorious for setting off AVG. You might want to consider changing your compiler to another one as well; often the signature of open source compilers (if you're using one) might use a consistent CPU flag that AVs are monitoring for. Check the support forums for your compiler and the support forums for your compiler; it's more than likely someone has the same issue as you do too.
hero member
Activity: 532
Merit: 500
Are you sure it is legit? More info is needed. Are you sure it has not been tampered with on the way? Did you check the shasum? If it is some game crack then the warning might be legit. Most AVs do signature checking, meaning some part of your executable is similar to one on their list. This can happen but is rather unlikely.
full member
Activity: 162
Merit: 100
Reich mir die Hand
Many AVs do this.
I never knew how I could fix this.
Although I'm not much of a good coder, whenever I do some Visual Basic, it's always flagged as a "virus" or whatever.
Gets annoying.

Yeah, it's so annoying when you're just developing some totally harmless software and the AV pops up saying it's very similar to idk what generic trojan when I'd be the happiest if I knew how to code such a malware.

Scan it with VirusTotal, then report it to the AVs. VirusTotal shares the files and they get manually checked at some point, so it will eventually reduce your false positives.

Thank you! That's actually a very good idea. It makes the report easier too, since VirusTotal shares it with multiple providers so you don't have to send your file to each provider one by one.
full member
Activity: 162
Merit: 100
Scan it with VirusTotal, then report it to the AVs. VirusTotal shares the files and they get manually checked at some point, so it will eventually reduce your false positives.
full member
Activity: 168
Merit: 100
Many AVs do this.
I never knew how I could fix this.
Although I'm not much of a good coder, whenever I do some Visual Basic, it's always flagged as a "virus" or whatever.
Gets annoying.
full member
Activity: 162
Merit: 100
Reich mir die Hand
There should be a way to report it as a false positive to the AV company.

Do they take such reports seriously? How much time could it take for them to fix the false detection since the date of requesting?

I'm asking this very important question because it could mean a disadvantage against the concurrent products that don't have this issue.
staff
Activity: 3458
Merit: 6793
Just writing some code
There should be a way to report it as a false positive to the AV company.
full member
Activity: 162
Merit: 100
Reich mir die Hand
I've come across this experience a few times, but I've experienced it with other, mainly new, executables too. When it happened to me, I usually let the clients do a detailed security analysis on it, for instance with Anubis, and uploaded that as proof that my executable was legit. But that's an uncomfortable situation to go through. What should I do if one or more AVs detect the .exe of my application as suspicious/malware (false positively)?