Hi,
I installed XSharp Cahors 2.13 - Public verion and my antivirus program detected a virus. What do you think about this?
Jacek
Virus?
- ArneOrtlinghaus
- Posts: 412
- Joined: Tue Nov 10, 2015 7:48 am
- Location: Italy
Virus?
We suffer quite often under the problem that one of the many different virus scanners and -versions in the world signals an error in one of our dlls or exes. It happens even if the dlls are certified.
A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not the correct detection.
Arne
A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not the correct detection.
Arne
Virus?
Hello Arne,
There's absolutely nothing in my program which could trigger a virus scanner so my trust in Malwarebytes disappeared. I uploaded the program and apart from MalwareBytes and SecureAge, unknown to me, the other 70 scanners did not detect any problem. Hence this is also a good site to test the reliability of virus scanners.
Dick
That's a great link you provide. We created one program which is also available (and hence checked) for the Microsoft Store which is flagged as MachineLearning/Anomalous.96% by Malwarebytes. I once mailed them but they don't reply to that, I have to start some procedure.ArneOrtlinghaus post=24222 userid=367 wrote: A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not the correct detection.
There's absolutely nothing in my program which could trigger a virus scanner so my trust in Malwarebytes disappeared. I uploaded the program and apart from MalwareBytes and SecureAge, unknown to me, the other 70 scanners did not detect any problem. Hence this is also a good site to test the reliability of virus scanners.
Dick
Virus?
Hi Jamal,
Yeah, I've also heard about .Net apps using Reflection (XIDE indeed uses that a lot) also triggering antiviruses. But I'm not really interested in fighting against all this mafness, if antiviruses want to flag XIDE, then so be it.
Yeah, I've also heard about .Net apps using Reflection (XIDE indeed uses that a lot) also triggering antiviruses. But I'm not really interested in fighting against all this mafness, if antiviruses want to flag XIDE, then so be it.
Chris Pyrgas
XSharp Development Team
chris(at)xsharp.eu
XSharp Development Team
chris(at)xsharp.eu
- ArneOrtlinghaus
- Posts: 412
- Joined: Tue Nov 10, 2015 7:48 am
- Location: Italy
Virus?
Even code signed programs are not treated always as "good programs" anymore.
We had cases where we had to ask the antivirus company explicitly to whitelist our signed programs.
But it is Ok to have some "False positives" some times. Better than having once one single "False negative" (an undetected virus).
We had cases where we had to ask the antivirus company explicitly to whitelist our signed programs.
But it is Ok to have some "False positives" some times. Better than having once one single "False negative" (an undetected virus).
Virus?
Hi Arne,
In the past, we discussed Large Address Aware (LLA) for 32-bit programs. One issue which triggered the false-positive was that I code signed the program, however, during installation, I used a script to run a C# console app to update the VO EXE to be LAA. However, the code signing of the VO EXE got lost; and I verified this by looking for the Digital Signature in the Windows Explorer properties dialog of the VO program and it was gone. So, now I make the EXE LAA before bundling in the installer. In my case, this eliminated the virus issue.
Jamal
In the past, we discussed Large Address Aware (LLA) for 32-bit programs. One issue which triggered the false-positive was that I code signed the program, however, during installation, I used a script to run a C# console app to update the VO EXE to be LAA. However, the code signing of the VO EXE got lost; and I verified this by looking for the Digital Signature in the Windows Explorer properties dialog of the VO program and it was gone. So, now I make the EXE LAA before bundling in the installer. In my case, this eliminated the virus issue.
Jamal
Virus?
Hi Chris,
Do you code sign your XIDE program?
If not, I can understand, however, code signing builds trust that the program has not been tampered during transit with and it came from a trusted source.
I am usually very hesitant to install any program that is not code signed. The risk is just too high!
Do you code sign your XIDE program?
If not, I can understand, however, code signing builds trust that the program has not been tampered during transit with and it came from a trusted source.
I am usually very hesitant to install any program that is not code signed. The risk is just too high!
JamalBut I'm not really interested in fighting against all this mafness, if antiviruses want to flag XIDE, then so be it.
Virus?
Hi Jaml,
Indeed, no code signing, it does not even haven a proper "license agreement" or anything like that, it's purely a "use it if you really, really want to" thing.
Indeed, no code signing, it does not even haven a proper "license agreement" or anything like that, it's purely a "use it if you really, really want to" thing.
Chris Pyrgas
XSharp Development Team
chris(at)xsharp.eu
XSharp Development Team
chris(at)xsharp.eu