PureBasic Forums - English

Do you know what i think is the most best way to get symantec stop bugging us user of PB. Is to put a claim from all of us to them. to say they are false claiming a virus. So what they do is Discriminate use as PB users. And that they have to stop it. If they do not stop. Then we users must put a compensation claim at them because we can not earn money on the software we make.

When they say its not there fault then they are wrong. Because they can redesign the examination of the fingerprint of the sorftware to see its from PB.
I do know they got a claim from the Group of BlitzBasic and the judge give BB right. So All the AV companys had chainged the look at the software and never say thay software made by BB are a virus. Even when you write a piece of code that change the Registry to do faulty things the AV do not give that a virus warning.

To be short blame the AV companys that they are at wrong and that they are dicriminate. If we can do that we have won.

I'm still trying to overcome this false positive bullsh*t from anti-virus companies.

So, today I wondered what would happen if I took my exe, stripped off the leading "M" in the file header, and wrote a batch file to restore the "M" and then launch the exe. The idea being that the anti-virus scanners wouldn't recognise the download as an executable, to reduce false-positives when people are downloading it.

Amazingly, that part worked! Here's my zipped exe before my trick:



And here's my zipped exe after being stripped:



Pretty amazing results, eh? This would be the zip version that I'd host on my website, as it appears 100% clean to anyone downloading it, with no anti-virus warnings about malware. Sounds great, right?

WRONG. After unzipping and running the batch file to recreate the exe, my virus-scanner (Avast) blocked it from running. Dammit.

Anyway, to recreate the cropped exe from a batch file, all I did was load the compiled exe into a hex editor and cut the leading "M" (first byte) from the file, and saved the cropped file back to disk with a name of "body" (no extension). Then I just put this batch file in the same folder with it, which is run to recreate and launch the restored exe:
Not sure what to try next, but at least half the problem is solved (the hosting bit).

Just updated to the latest Windows 10 17083 and Windows Defender is now marking compiled files as trojans. Needless to say, I installed another security suite that works properly.

My favorite AV program just flagged one of my executables as a trojan. Even lowering the heuristics on the AV didn't seem to make a difference either. So, I contacted the AV manufacturer and calmly described the problem to them. Within a couple of hours, they had the fix in place!

When I tried the AV against my executable again there were no problems! Until we have some sort of collective solution, the best thing we can do is persistently and calmly reach out to each and every AV manufacturer that flags our software and tell them about the False Positive. Most of the recognized AV manufacturers will cooperate with you.

Here is a list of links for reporting AV False Positives:

Avast
https://www.avast.com/en-us/false-posit ... e-form.php

AVG
https://secure.avg.com/submit-sample

SonicWall
https://www.sonicwall.com/en-us/support ... 4597803818

Webroot
https://www.webrootanywhere.com/servicewelcome.asp

Symantec/Norton
https://submit.symantec.com/false_positive/

Here is an even more exhaustive list of false positive reporting (from Gizmo's Freeware):
https://www.techsupportalert.com/conten ... ll_Vendors

Just saw that Steam has a post about false-positives becoming an issue in their store, so it may be a good idea to refer any of our own customer queries to Steam's post, to demonstrate to them that your software is safe and that "even Steam suffers the issue". Here's the URL:

https://support.steampowered.com/kb_art ... -MVDP-3638

Great to finally be able to prove to customers that even the "big guns" suffer anti-virus issues.