False positive on empty app from developer


mark1122

Your virus checker is detecting an empty program as positive. I include the source code and exe and VirusTotal URL scan. Can you please rectify this? Thank you.

https://www.virustotal.com/gui/file/7b145239fe44f5e3400f59df73af57b9d0035cc0b669099f56a6ef8148cf102d/detection

Source code and exe at https://filebin.net/7ux8tsnjvfqmw3l0


That is common. Apps made by a single developer, probably in .NET Framework and without a certificate, are flagged as false positives.

If you're curious what you should do with a false positive app, run it in a monitored sandbox.

Regards, Nquantum


Hi,

Our engine format and configuration in VirusTotal is different than our product's default configuration. In VirusTotal we use a command-line engine with more aggressive detection techniques and heuristics which might detect more than the commercial product. This is the norm with most if not all other antivirus vendors in VirusTotal.

This file isn't detected by our commercial products at the moment of writing this.


Thank you for the answer, I will try the different version.

As for the other answers, even if I sign the code it still detects. I think a virus checker that flags signed code which is essentially an empty app is pretty bad, and it shows the lack of engineering that goes into the virus checker. I regard it as sloppy programming by the virus checker that puts the emphasis on the developer to have to work around the some 75 virus checking programs available commercially.

I really think that virus checking companies need to use code that does not guess if an app is a virus or not.

Thanks for the answers.


  • Staff

The heuristic engine is based on files that have anomalies. An empty VB program will fit that criteria and it's not something seen in the wild normally. We recommend excluding your working development directory for that reason, as files under development are not something that would be seen in the real world as they are not complete.


You would think by signing a finished app that it would pass through virus checkers, but it does not. Sort of negates the usefulness of going through getting a code cert from Comodo.

The code submitted came from a finished app that did not pass the virus check. I stripped the code down until I found what the virus checker was picking up on, and it's that piece of code. Whether it's in a finished app and is code signed, it still flags as false positive.


Here's another thing, I dispensed with having a virus checker on my 3 PCs about 4 years ago. Out of the 500000 or so viruses out there, I think most are just false. I take precautions in other ways, but checking VirusTotal with finished apps, I now know most virus checkers just pick up on false positives rather than real viruses now.
