Prevent virus false positives

[dige]

Just to inform you: I just noticed that you should'nt use the function GetShortPathName_() anymore, bcoz it triggers a lot of virus alerts..

[Zach]

Seems like a never ending fight with that stuff. It's so aggravating

[Lunasole]

Yes, that's like AV-vendors mafia.

Antiviruses are useless today, as any modern OS itself, is protected against any cyber-threats enough, at least as for home usage. And almost every cyber-attack is performed using social-engineering/real world methods, or human errors of security personal -- "just a human"-factor anyway, or exploiting 0-day vulnerabilities not covered by AVs [or even vulnerabilities in AV itself], or by having built-in backdors in software/hardware delivered. In any of those cases any AV is obviously useless. So AV-vendors just selling security illusions for money (unlike security tools and methods which really working). And creating more problems for a legal coders, not to criminals.

Well that's I'm posting just to post.
What about false positive problem, signing a file still helps a lot. Which costs some money.

[BarryG]

signing a file still helps a lot. Which costs some money.

Not true. See why here -> viewtopic.php?p=562339#p562339

[Lunasole]

signing a file still helps a lot. Which costs some money.

Not true. See why here -> viewtopic.php?p=562339#p562339

Yes, it doesn't helps for 100%. But with certificate you surely have less problems than completely without it.

[Bitblazer]

My current method is free and just costs a bit time/work and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false postives, you report the false positive to the engine vendor.

It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.

[fluent]

My current method is free and just costs a bit time/work and it manages to get new (homebrew) software to not get any false positives at all. Submit your file to a service like https://www.virustotal.com/ and if you have any false postives, you report the false positive to the engine vendor.

It just takes a bit of preparation and time as you have to do it with the final compilation. Just integrate it into your release schedule just like you have to do it with the documentation and installer steps.

Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...

[Bitblazer]

Did you get the more obscure ones such as secureage APEX and Cylance to cooperate as well? I find these are the ones that generate the most false positives...

No, just other companies. I had no false positive from APEX or Cylance so far, so i did not have to contact them.

[skywalk]

I had many quarantines with Cylance.
You have to submit whitelist paths and exe's to work. Same for any sniffer.

[kernadec]

hello
I have no more problems with my anti virus
just put exceptions like this:

C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation*.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation**.exe
C:\Users\mypc\AppData\Local\Temp\PureBasic_Compilation***.exe

cordially

[Bitblazer]

Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.

ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"

[Al_the_dutch]

Or just set the compiler to create the executable in the source directory and exclude the rootpath of your sources from being scanned / surveyed.

ps : (kaspersky internet security german) "einstellungen / gefahren und ausnahmen" and purebasic : purebasic compiler options - "create temporary executable in the source directory"

I use it too. But as for executable's that go to my customers, I use UPX as a tool. It compresses not only the exe but also the number of false-positives signifantly.

[dige]

I have made the experience that compressing with UPX is already considered potentially dangerous.

[BarryG]

Virus-scanners can detect UPX and just decompress the executable first, so it's not a problem to use UPX anymore. None of my exes get flagged when UPX'ed - they only get flagged for other stupid reasons, like reading the clipboard or creating files in its own folder. It's quite pathetic.

[sq4]

I have this program called "License_Generate.exe"
It uses Mail and FTP and PACK libs and it gets even put in quarantaine on my system (Win Defender).
So I thought it's perhaps due to those libs. (some smart-ass scan routine looking for WinApi calls concerning FTP/Mail 'n stuff...)

But no! It's ridiculously obvious : it is just the NAME.
The scanner says : Oh wait, it's called "Generate", must be a keygen...

The first thing I do nowadays, when not connected to the internet, is disable realtime security. Makes things run smoother too.