How to deal with anti virus software


Jump to: navigation, search

As everyone said over and over and over in numerous occasions, this is *not* an INNO problem, but the result of rather sucky assumptions by some AV developers resulting in ridiculous False Positive detection rates.

Since this questions continues to creep in, I thought we should post some suggestions and links, in hope that newsgroup searches avoid unnecessary questions & replies. My suggestions:

Upload all "infectable" files you distribute (exe, dll, ocx, doc, htm, chm, pdf, vbs, js,...) to where they will tested against 42 or so AV engines. If it is indeed a False Positive, save the report and send it along with the files to as many AV manufacturers as possible. These are the ones I know:

  • Symantec* Had 2 customers reporting FPs; as soon as they reported our soft as trustworthy in Sonar, we had no more problems. Sonar has a reputation-based risk evaluation system that, despite what they say in the article below, basically suspects of any program that has not been reported as safe by one of its registered customers. I believe your customer can turn Sonar off and report your app. as safe to symantec. I did it once and it was simple, but I can't remember the specifics, sorry.

How to configure sonar to minimize false positives:

  • AVIRA* Had several customers reporting FPs; sent our soft to them (several versions) and they had a solution usually in less than 24 hours.

  • AVAST* never had FP problems with AVAST, but when I reported a infected file it didn't detect, I never got a reply and didn't bother to check if it got included in later releases.

  • AVG* no experience at all with AVG.

Digitally signing your code usually won't help in these cases but is a damn good idea.

Personal tools