Prevent virus false positives

Everything else that doesn't fall into one of the other PB categories.
dige
Addict
Addict
Posts: 1089
Joined: Wed Apr 30, 2003 8:15 am
Location: Germany
Contact:

Prevent virus false positives

Post by dige »

Just to inform you: I just noticed that you should'nt use the function GetShortPathName_() anymore, bcoz it triggers a lot of virus alerts..
"Daddy, I'll run faster, then it is not so far..."
Zach
Addict
Addict
Posts: 1654
Joined: Sun Dec 12, 2010 12:36 am
Location: Somewhere in the midwest
Contact:

Re: Prevent virus false positives

Post by Zach »

Seems like a never ending fight with that stuff. It's so aggravating
Image
User avatar
Lunasole
Addict
Addict
Posts: 980
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: Prevent virus false positives

Post by Lunasole »

Yes, that's like AV-vendors mafia.

Antiviruses are useless today, as any modern OS itself, is protected against any cyber-threats enough, at least as for home usage. And almost every cyber-attack is performed using social-engineering/real world methods, or human errors of security personal -- "just a human"-factor anyway, or exploiting 0-day vulnerabilities not covered by AVs [or even vulnerabilities in AV itself], or by having built-in backdors in software/hardware delivered. In any of those cases any AV is obviously useless. So AV-vendors just selling security illusions for money (unlike security tools and methods which really working). And creating more problems for a legal coders, not to criminals.

Well that's I'm posting just to post.
What about false positive problem, signing a file still helps a lot. Which costs some money.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
BarryG
Addict
Addict
Posts: 1440
Joined: Thu Apr 18, 2019 8:17 am

Re: Prevent virus false positives

Post by BarryG »

Lunasole wrote:signing a file still helps a lot. Which costs some money.
Not true. See why here -> viewtopic.php?p=562339#p562339
User avatar
Lunasole
Addict
Addict
Posts: 980
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: Prevent virus false positives

Post by Lunasole »

BarryG wrote:
Lunasole wrote:signing a file still helps a lot. Which costs some money.
Not true. See why here -> viewtopic.php?p=562339#p562339
Yes, it doesn't helps for 100%. But with certificate you surely have less problems than completely without it.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Bitblazer
Enthusiast
Enthusiast
Posts: 432
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Prevent virus false positives

Post by Bitblazer »

My current method is free and just costs a bit time/work and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false postives, you report the false positive to the engine vendor.

It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.
fluent
User
User
Posts: 56
Joined: Sun Jan 24, 2021 10:57 am

Re: Prevent virus false positives

Post by fluent »

Bitblazer wrote:My current method is free and just costs a bit time/work and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false postives, you report the false positive to the engine vendor.

It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.
Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...
Bitblazer
Enthusiast
Enthusiast
Posts: 432
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Prevent virus false positives

Post by Bitblazer »

fluent wrote:Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...
No, just other companies. I had no false positive from APEX or Cylance so far, so i did not have to contact them.
User avatar
skywalk
Addict
Addict
Posts: 3474
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Prevent virus false positives

Post by skywalk »

I had many quarantines with Cylance.
You have to submit whitelist paths and exe's to work. Same for any sniffer.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
User avatar
kernadec
Enthusiast
Enthusiast
Posts: 131
Joined: Tue Jan 05, 2010 10:35 am

Re: Prevent virus false positives

Post by kernadec »

hello
I have no more problems with my anti virus
just put exceptions like this:
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation*.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation**.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation***.exe
cordially
Bitblazer
Enthusiast
Enthusiast
Posts: 432
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Prevent virus false positives

Post by Bitblazer »

Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.

ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"
Al_the_dutch
User
User
Posts: 53
Joined: Mon Nov 11, 2013 11:07 am
Location: Netherlands

Re: Prevent virus false positives

Post by Al_the_dutch »

Bitblazer wrote:Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.

ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"
I use it too. But as for executable's that go to my customers, I use UPX as a tool. It compresses not only the exe but also the number of false-positives signifantly.
dige
Addict
Addict
Posts: 1089
Joined: Wed Apr 30, 2003 8:15 am
Location: Germany
Contact:

Re: Prevent virus false positives

Post by dige »

I have made the experience that compressing with UPX is already considered potentially dangerous.
"Daddy, I'll run faster, then it is not so far..."
BarryG
Addict
Addict
Posts: 1440
Joined: Thu Apr 18, 2019 8:17 am

Re: Prevent virus false positives

Post by BarryG »

Virus-scanners can detect UPX and just decompress the executable first, so it's not a problem to use UPX anymore. None of my exes get flagged when UPX'ed - they only get flagged for other stupid reasons, like reading the clipboard or creating files in its own folder. It's quite pathetic.
sq4
User
User
Posts: 97
Joined: Wed Feb 26, 2014 3:16 pm
Contact:

Re: Prevent virus false positives

Post by sq4 »

I have this program called "License_Generate.exe"
It uses Mail and FTP and PACK libs and it gets even put in quarantaine on my system (Win Defender).
So I thought it's perhaps due to those libs. (some smart-ass scan routine looking for WinApi calls concerning FTP/Mail 'n stuff...)

But no! It's ridiculously obvious : it is just the NAME.
The scanner says : Oh wait, it's called "Generate", must be a keygen...

The first thing I do nowadays, when not connected to the internet, is disable realtime security. Makes things run smoother too.
Post Reply