Prevent virus false positives
Just to inform you: I just noticed that you shouldn't use the function GetShortPathName_() anymore, because it triggers a lot of virus alerts.
"Daddy, I'll run faster, then it is not so far..."
Re: Prevent virus false positives
Seems like a never-ending fight with that stuff. It's so aggravating.
Re: Prevent virus false positives
Yes, that's like AV-vendors mafia.
Antiviruses are useless today, as any modern OS itself is protected enough against any cyber-threats, at least for home usage. And almost every cyber-attack is performed using social-engineering/real-world methods, or human errors of security personnel -- the "just a human" factor anyway, or by exploiting 0-day vulnerabilities not covered by AVs [or even vulnerabilities in the AV itself], or by having built-in backdoors in the software/hardware delivered. In any of those cases any AV is obviously useless. So AV vendors are just selling security illusions for money (unlike security tools and methods which really work). And creating more problems for legal coders, not for criminals.
Well, that's me posting just to post.
As for the false positive problem, signing a file still helps a lot. Which costs some money.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: Prevent virus false positives
Lunasole wrote: signing a file still helps a lot. Which costs some money.

Not true. See why here -> viewtopic.php?p=562339#p562339
Re: Prevent virus false positives
BarryG wrote:
Lunasole wrote: signing a file still helps a lot. Which costs some money.
Not true. See why here -> viewtopic.php?p=562339#p562339

Yes, it doesn't help 100%. But with a certificate you surely have fewer problems than completely without it.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: Prevent virus false positives
My current method is free and just costs a bit of time/work, and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false positives, you report the false positive to the engine vendor.
It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.
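As an added example (not part of the post above and not VirusTotal's own code): a release-step check that takes a file report shaped like VirusTotal's API v3 JSON and lists which engines need a false-positive report before shipping. The function name `triage`, the engine names and the sample report are constructed for illustration; fetching the report is left out so the check runs offline.

```python
import hashlib
import json

FLAGGED = {"malicious", "suspicious"}
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(report_json: str, build: bytes) -> dict:
    """Sort the per-engine results of one file report into follow-up lists."""
    attrs = json.loads(report_json)["data"]["attributes"]
    # Only trust a report that is about the exact binary being shipped.
    if attrs["sha256"].lower() != sha256_of(build):
        raise ValueError("report is for a different file than this build")
    to_report, rescan = {}, []
    for engine, res in sorted(attrs["last_analysis_results"].items()):
        if res["category"] in FLAGGED:
            # Keep the detection name: vendor false-positive forms ask for it.
            to_report[engine] = res.get("result") or "(no name)"
        elif res["category"] in NO_VERDICT:
            rescan.append(engine)  # no verdict is not the same as clean
    return {"report_to_vendor": to_report, "rescan": rescan,
            "ok_to_release": not to_report and not rescan}


# Constructed sample: made-up engine names and verdicts, no real scan data.
BUILD = b"constructed stand-in for the final compiled executable"
SAMPLE_REPORT = json.dumps({"data": {"type": "file", "attributes": {
    "sha256": sha256_of(BUILD),
    "last_analysis_results": {
        "EngineA": {"category": "undetected", "result": None},
        "EngineB": {"category": "malicious", "result": "Gen:Heur.Example.1"},
        "EngineC": {"category": "timeout", "result": None},
        "EngineD": {"category": "suspicious", "result": None},
    }}}})

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT, BUILD), indent=2))
```

The hash comparison matters because any rebuild changes the binary, so a report obtained for an earlier compilation says nothing about the file that actually ships.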
Re: Prevent virus false positives
Bitblazer wrote: My current method is free and just costs a bit time/work and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false positives, you report the false positive to the engine vendor.
It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.

Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...
Re: Prevent virus false positives
fluent wrote: Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...

No, just other companies. I had no false positive from APEX or Cylance so far, so I did not have to contact them.
Re: Prevent virus false positives
I had many quarantines with Cylance.
You have to submit whitelist paths and exe's to work. Same for any sniffer.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: Prevent virus false positives
Hello
I have no more problems with my antivirus
just put exceptions like this:
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation*.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation**.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation***.exe
cordially
Re: Prevent virus false positives
Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.
ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"
Re: Prevent virus false positives
Bitblazer wrote: Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.
ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"

I use it too. But as for executables that go to my customers, I use UPX as a tool. It compresses not only the exe but also the number of false positives significantly.
Re: Prevent virus false positives
I have made the experience that compressing with UPX is already considered potentially dangerous.
"Daddy, I'll run faster, then it is not so far..."
Re: Prevent virus false positives
Virus-scanners can detect UPX and just decompress the executable first, so it's not a problem to use UPX anymore. None of my exes get flagged when UPX'ed - they only get flagged for other stupid reasons, like reading the clipboard or creating files in its own folder. It's quite pathetic.
Re: Prevent virus false positives
I have this program called "License_Generate.exe"
It uses Mail and FTP and PACK libs and it even gets put in quarantine on my system (Win Defender).
So I thought it's perhaps due to those libs. (some smart-ass scan routine looking for WinApi calls concerning FTP/Mail 'n stuff...)
But no! It's ridiculously obvious : it is just the NAME.
The scanner says : Oh wait, it's called "Generate", must be a keygen...
The first thing I do nowadays, when not connected to the internet, is disable realtime security. Makes things run smoother too.