View Full Version : False Positive by Symantec Anti-Virus pgm
NewsArchive
02-23-2016, 02:25 AM
We are all of the sudden being flagged as a program with a virus on a
client's Windows 2012 server running Symantec Anti-virus software.
Anyone else have this problem and know what causes it and how we can fix it?
We use Nettalk, could a recent change in a version be causing an issue?
Kevin Erskine
www.Software-By-Ragazzi.com
Queen Creek, AZ, USA
NewsArchive
02-23-2016, 02:26 AM
Is the EXE codesigned?
Kelvin Chua
NewsArchive
02-23-2016, 02:26 AM
codesigned? Not sure what you mean.
But it is not a signed\certificate program
Kevin Erskine
www.Software-By-Ragazzi.com
Queen Creek, AZ, USA
NewsArchive
02-23-2016, 02:26 AM
> But it is not a signed\certificate program
Kevin,
If the app is not code signed in this day and time it certainly can make it
hard on you as there is no credibility behind the EXE.
This is typically done with a certificate from Comodo that you get the best
deal on through Lindersoft and applied with their SetupBuilder program as
you create the installer.
Then you have any program that is attempting to write to a protected file
area (such as under Program Files or even an INI write to the Windows
folder) that raises red flags as well. Of course those are easy fixes with
our ProPath templates.
It is hard enough to stay off the "we think your app is a virus" list if
you're playing by all the rules, but even harder if you're not.
Virus detection software is absolute crap for the most part and most of the
companies couldn't detect a real virus if it was crawling up their behind -
so they generate "false positives" at the first sign of anything not
considered normal for serious software developers these days.
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
02-23-2016, 02:27 AM
Charles;
Thank you for the insights.
Our program is hosted on our server and accessed by our clients using RDP.
We do no do any installation. We just copy the EXE to the live path for each
client and the clients use it.
I am very ignorant about certificates etc. and have never dealt with this.
Not sure what to do next. Symantec gave us a patch to help with the problem
but they say every time we install a new EXE we might have to apply the
patch again.
Kevin Erskine
www.Software-By-Ragazzi.com
Queen Creek, AZ, USA
NewsArchive
02-23-2016, 02:28 AM
Kevin,
> Not sure what to do next. Symantec gave us a patch to help with the
> problem but they say every time we install a new EXE we might have to
> apply the patch again.
Exactly what Charles said.
In general, a Code-Signing Certificate will help you gain reputation for
your products and trust from your users. It will also inform protection
software products and internal Windows phishing and malware filter that your
application is trustworthy instead of a suspicious "Undefined" or "Unknown"
author/publisher program.
All modern protection software systems check your code-signature status
before doing anything else. If there is no code-signature at all then it is
flagged as potentially malicious. BTW, it takes time for a Code-Signing
Certificate to gain a positive reputation and may still be flagged by some
protection products. Most protection software vendors will then fix the
"false-positive" based on the status and reputation of your (SHA-2)
code-signing certificate.
Friedrich
--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
954.252.3910 (within US) | +1.954.252.3910 (outside US)
--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.