How to deal with anti virus software

From ISXKB


Markus (Talk | contribs)

Revision as of 12:00, 8 June 2011

As everyone has said over and over and over on numerous occasions, this is *not* an INNO problem, but the result of rather sucky assumptions by some AV developers resulting in ridiculous False Positive detection rates.

Since this question continues to creep in, I thought we should post some suggestions and links, in the hope that newsgroup searches avoid unnecessary questions & replies. My suggestions:


Upload all "infectable" files you distribute (exe, dll, ocx, doc, htm, chm, pdf, vbs, js, ...) to http://virustotal.com, where they will be tested against 42 or so AV engines. If it is indeed a False Positive, save the report and send it along with the files to as many AV manufacturers as possible. These are the ones I know:


  • Symantec

https://submit.symantec.com/dispute/security_risks/ Had 2 customers reporting FPs; as soon as they reported our software as trustworthy in Sonar, we had no more problems. Sonar has a reputation-based risk evaluation system that, despite what they say in the article below, basically suspects any program that has not been reported as safe by one of its registered customers. I believe your customer can turn Sonar off and report your app as safe to Symantec. I did it once and it was simple, but I can't remember the specifics, sorry. http://www.symantec.com/connect/blogs/reputation-based-security-suspiciousinsight-detections-virus-total

How to configure Sonar to minimize false positives: http://www.symantec.com/connect/articles/how-configure-sonar-prevent-false-positive-detections


  • AVIRA

http://analysis.avira.com/samples/index.php Had several customers reporting FPs; sent our software to them (several versions) and they had a solution usually in less than 24 hours.


  • AVAST

http://www.avast.com/contacts Never had FP problems with AVAST, but when I reported an infected file it didn't detect, I never got a reply and didn't bother to check if it got included in later releases.


  • AVG

http://samplesubmit.avg.com/us-en/false-detection No experience at all with AVG.


Digitally signing your code usually won't help in these cases but is a damn good idea.
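
An added example (not part of the original page) of the triage step described above: it hashes the infectable files in a distribution folder and, from a saved scan report, lists which engines flagged a file and which of the submission pages above applies. It assumes the report is JSON shaped like a VirusTotal API v3 file report (`data.attributes.last_analysis_results`); the sample report and its detection names are constructed.

```python
import hashlib
from pathlib import Path

# Extensions the page lists as "infectable".
INFECTABLE = {".exe", ".dll", ".ocx", ".doc", ".htm", ".chm", ".pdf", ".vbs", ".js"}

# False-positive submission pages, copied from the vendor list on this page.
FP_PAGES = {
    "symantec": "https://submit.symantec.com/dispute/security_risks/",
    "avira": "http://analysis.avira.com/samples/index.php",
    "avast": "http://www.avast.com/contacts",
    "avg": "http://samplesubmit.avg.com/us-en/false-detection",
}

# Constructed sample report (engine verdicts and detection names are made up).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Symantec": {"category": "malicious", "result": "Suspicious.Insight"},
    "Avira": {"category": "undetected", "result": None},
    "AVG": {"category": "malicious", "result": "Generic.Constructed"},
    "ExampleAV": {"category": "suspicious", "result": "Heur.Constructed"},
}}}}

def manifest(root):
    """Return {relative path: SHA-256} for every infectable file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in INFECTABLE
    }

def flagged(report):
    """Return {engine: detection name} for engines that flagged the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {engine: verdict.get("result") for engine, verdict in results.items()
            if verdict.get("category") in ("malicious", "suspicious")}

def submissions(report):
    """Map each flagging engine to (detection name, FP page or None if unlisted)."""
    return {engine: (name, FP_PAGES.get(engine.lower()))
            for engine, name in flagged(report).items()}

if __name__ == "__main__":
    for path, digest in manifest(".").items():
        print(digest, path)          # hashes to quote in the FP report
    for engine, (name, url) in submissions(SAMPLE_REPORT).items():
        print(f"{engine}: {name} -> {url or 'no page listed here'}")
```

Engines that come back with `None` as the page are ones this list has no submission address for.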
