False positive antivirus warnings with provided software
Nov 7, 2014 12:20:41 GMT
Post by Herve Sors on Nov 7, 2014 12:20:41 GMT
Some executables I provide could occasionally raise false positive virus/threat warnings with some antivirus packages.
They may also block or alter download of some zip packages.
It is a known problem with some protection suites whose heuristic, AI or reputation-based analyses mark some executables as positive (often Trojan:Win32/Azden.A!cl, Gen:Variant.Symmi.xxxxx, Heur.Win32, WS.Reputation.1, BehavesLike.Win32, Malware.QVM, etc).
It is often the case with SecureAge APEX, Cylance, ClamAV, Windows Defender and a few others but usually not with recognized and reliable security suites such as Avast, AVG, Comodo, F-Prot, Kaspersky, Malwarebytes, McAfee, SuperAntispyware, Symantec, TotalDefense, TrendMicro to name a few.
Note that Trojan:Win32/Azden.A!cl in Windows Defender is a frequent example of a false positive which uses a reputation score that should be resolved after enough users have flagged the application as secure.
If you have a doubt, I suggest you perform an extensive online scan using one or several available scanners such as
VirusTotal
Virscan
and compare the results taking into account the above false positive I've detected.
My programs and computer are tested on a regular basis with at least 2 well-known antivirus software and are not infected.
I cannot pay for expensive certificates for signing my exe files to provide more confidence for people downloading my software, although this ends up not having so much effect on AV hits.
Sending a mail to antivirus providers each time a "new false positive" is observed is time-consuming and ineffective (an endless process considering their databases continuously change and I recompile my programs frequently).
Consequently, my answer will be: it's a false positive.
If packages and executables I provide are blocked, the only solution for using them is to manually allow their download and let them run on your device.
In case you still have a doubt, you may run programs first in a virtual protected environment just to put your mind at rest or simply decide not to use them at all. There's no other proposal I can make.