It is currently Sat Dec 14, 2019 10:36 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 33 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 10:23 am 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Sep 11, 2016 2:17 pm
Posts: 577
Can you exclude it from the heur scan?


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 2:47 pm 
Offline
Enthusiast
Enthusiast

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 302
Location: Germany
I dont know why you want to stay with that software after that amount of trouble again and again. Two better solutions have been presented to you :)

_________________
webpage


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 5:22 pm 
Offline
Addict
Addict
User avatar

Joined: Sun Nov 05, 2006 11:42 pm
Posts: 4548
Location: Lyon - France
@Mijikai
Hello Master :D
The worst is justly i can't test the exe, because when i run the code, the "PureBasic_Compilation0.exe" is immediately blocked and deleted :shock:

And a style of Christmas tree begin :
- Panel in the right bottom of the screen "Your attention is needed !!!"
- Another msgbox in the middle of the screen with a ListView inside with numerous bads things, like what it's a Heuristic virus, and bla bla bla .....
- Bells like the last day of the years sing in all the sense :evil:
- And the worst of all that, a message is immediately sending to the administrator, like what i'm a dangerous man in my own enterprise :|

For the moment i have no return of the administrator, but i'm nearly sure a day he writing me, and it's going to be my party :oops:
Image

@Bitblazer
Kcc wrote:
Yes you have right, i hate NORTON, personnally i have no antivirus, just the native W10 :wink:
In fact, it's worst of that, it's not my machine, but in my enterprise, and i'm not administrator

viewtopic.php?p=539433#p539433
Believe me i have not the choice, i need eating like everybody and it's my enterprise since more than 35 years :cry:

_________________
ImageThe happiness is a road...
Not a destination


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 5:39 pm 
Offline
Addict
Addict
User avatar

Joined: Wed Dec 23, 2009 10:14 pm
Posts: 3153
Location: Boston, MA
Depending on the size of the company and aggressiveness of its IT department, you can be limited to a handful of compiler options. Purebasic would require an exception or whitelisting. That entails providing a business justification. It would help a lot if Fantaisie was an ISO/IEC/IEEE 12207:2017 compliant company or it was open source with appropriate licenses. You can continue to prototype in PureBasic and deploy in C or Visual C++ or whatever is on the corporate approval list.

_________________
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 6:08 pm 
Offline
Addict
Addict
User avatar

Joined: Sun Nov 05, 2006 11:42 pm
Posts: 4548
Location: Lyon - France
The size is enormous....and the aggressiveness is more and more day after day, because we receive alert of real virus nearly each month, who attack the big networks :|
Since W10 come, i have all this problem :|

skywalk wrote:
It would help a lot if Fantaisie was an ISO/IEC/IEEE 12207:2017 compliant company
It's a pity FRED since all this time not try to do something if it's possible :|
Surely too expensive for have this label ?

Quote:
open source with appropriate licenses
I think it's impossible, and personally i understand that.
20 years of works, even with licenses, not everybody respect the rules :|
At the begining i have read the source of the IDE is open, and Fred see it in another place :shock: :?
Since this time....it's finish

Quote:
You can continue to prototype in PureBasic and deploy in C or Visual C++ or whatever is on the corporate approval list.
You forget you talk to Kcc....
The programmer the less good of the west :D
It's my dream, but i need to change my brain before :mrgreen:

So thanks, to have give your advice Master :wink:

_________________
ImageThe happiness is a road...
Not a destination


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 6:59 pm 
Offline
Enthusiast
Enthusiast

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 302
Location: Germany
This sounds like the "intended" solution for symantec, to whitelist an unknown binary on a client machine : https://www.symantec.com/connect/forums ... -whitelist

How does whitelisting work for Visual C/C++/VBA or other binaries in your company? Something you may need to find out :)

Setup purebasic to create the executable inside the source directory instead of the temporary folder, then exclude all source directories from symantec (see https://www.symantec.com/connect/forums ... s-endpoint).
Purebasic IDE->compiler options->compile/run tab - [x] create temporary executable in the source directory

_________________
webpage


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 7:07 pm 
Offline
Addict
Addict
User avatar

Joined: Sun Nov 05, 2006 11:42 pm
Posts: 4548
Location: Lyon - France
Quote:
How does whitelisting work for Visual C/C++/VBA or other binaries in your company?
Unfortunately i don't code in C/C++ so i don't know :oops:
Before with W7, i use VB6 without problem, but i have not try since i have W10
For VBA, i'm sure there are no problem, VBA is the only thing really allowed here :|

Quote:
Setup purebasic to create the executable inside the source directory
I always do like that, but Norton found and kill it
Quote:
then exclude all source directories from symantec
All the Symantec setup are locked by administrator, i can just see the log grow more and more, and crying :cry:

_________________
ImageThe happiness is a road...
Not a destination


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 7:53 pm 
Offline
Addict
Addict
User avatar

Joined: Wed Dec 23, 2009 10:14 pm
Posts: 3153
Location: Boston, MA
I was not able to compile my source code in some corporate environments without submitting the following executables for white listing. Notice my installs are not in Program Files!
If you only white list your app, the antivirus will continue to block polink.exe, pbcompiler.exe, etc.
Code:
C:\YourSourcePath\PureBasic_Compilation0.exe
C:\YourSourcePath\PureBasic_Compilation1.exe
C:\YourSourcePath\PureBasic_Compilation2.exe
C:\YourSourcePath\PureBasic_Compilation3.exe

C:\PureBasic-x64\
C:\PureBasic-x86\

C:\PureBasic-x64\SDK\Interface Importer\Interface Importer.exe
C:\PureBasic-x64\unins000.exe
C:\PureBasic-x64\Compilers\polink.exe
C:\PureBasic-x64\Compilers\porc.exe
C:\PureBasic-x64\PureBasic.exe
C:\PureBasic-x64\Compilers\FAsm.exe
C:\PureBasic-x64\Compilers\pbcompiler.exe
C:\PureBasic-x64\Compilers\PBDebugger.exe
C:\PureBasic-x64\SDK\PureUnit\PureUnit.exe
C:\PureBasic-x64\SDK\PureUnit\PureUnitGui.exe
C:\PureBasic-x64\SDK\DocMaker\DocMaker.exe
C:\PureBasic-x64\SDK\Header Converter\Header Converter.exe
C:\PureBasic-x64\SDK\DLL Importer\DLL Importer.exe
C:\PureBasic-x64\SDK\LibraryMaker.exe
C:\PureBasic-x64\Compilers\polib.exe

C:\PureBasic-x86\SDK\Interface Importer\Interface Importer.exe
C:\PureBasic-x86\unins000.exe
C:\PureBasic-x86\Compilers\FAsm.exe
C:\PureBasic-x86\Compilers\polink.exe
C:\PureBasic-x86\Compilers\porc.exe
C:\PureBasic-x86\PureBasic.exe
C:\PureBasic-x86\Compilers\pbcompiler.exe
C:\PureBasic-x86\Compilers\PBDebugger.exe
C:\PureBasic-x86\SDK\PureUnit\PureUnit.exe
C:\PureBasic-x86\SDK\PureUnit\PureUnitGui.exe
C:\PureBasic-x86\SDK\DocMaker\DocMaker.exe
C:\PureBasic-x86\SDK\Header Converter\Header Converter.exe
C:\PureBasic-x86\SDK\DLL Importer\DLL Importer.exe
C:\PureBasic-x86\SDK\LibraryMaker.exe
C:\PureBasic-x86\Compilers\Win9x\porc.exe
C:\PureBasic-x86\Compilers\polib.exe

_________________
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 11:20 pm 
Offline
Enthusiast
Enthusiast

Joined: Thu Apr 18, 2019 8:17 am
Posts: 449
skywalk, rather than white-listing all the individual execuables, can't you just whitelist the base folder (C:\PureBasic-x64\) ? That's what I did for Windows Defender and it works great.


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Wed Jul 31, 2019 11:44 pm 
Offline
Addict
Addict
User avatar

Joined: Wed Dec 23, 2009 10:14 pm
Posts: 3153
Location: Boston, MA
Yes. I was listing all the executables since not all users work with Defender. Some AVS's even require sha/crc's of executables to whitelist.

_________________
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Thu Aug 01, 2019 1:17 am 
Offline
Enthusiast
Enthusiast

Joined: Thu Apr 18, 2019 8:17 am
Posts: 449
skywalk wrote:
Some AVS's even require sha/crc's of executables to whitelist

Understood. Thanks for sharing the file list, then.


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Thu Aug 01, 2019 8:03 am 
Offline
Addict
Addict
User avatar

Joined: Sun Nov 05, 2006 11:42 pm
Posts: 4548
Location: Lyon - France
Quote:
If you only white list your app, the antivirus will continue to block polink.exe, pbcompiler.exe, etc.
It's dead then :|
Like i can't manage something in NORTON console, i can't adding white list
Furthermore, send each exe is too long to do :cry:
And even if i send all the PB exe, one by one, to NORTON i'm not sure the problem is not always full, otherwise fred would have done that for a long time, if it was so simple
Thanks for your explanation 8)

_________________
ImageThe happiness is a road...
Not a destination


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Thu Aug 01, 2019 9:07 am 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 461
Location: Germany, Saarbrücken
Heuristics are the dumbest things ever. They won't catch any real good freshly created trojans or viruses, but they find all the other shit that's not a virus at all. I hate them. At least I am my own administrator at work.

_________________
Electronics, Crazy & Interesting Stuff, all that with text, image and sound? Click here!

The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Thu Aug 01, 2019 12:49 pm 
Offline
Addict
Addict
User avatar

Joined: Sun Nov 05, 2006 11:42 pm
Posts: 4548
Location: Lyon - France
You have right 8)
Try to provide something not again arrived yet, already the weather cannot provide if the sun shine
Then how is possible to know all the combinations of bit supposedly dangerous ?
what difference is there between a keylogger to watch his children and one to steal the blue card number of the grandmother ? :mrgreen:

For the moment i not use the debugger, and i have less notifications ..
It's the only thing i have found , because sandbox need to be administrator of the machine :|

_________________
ImageThe happiness is a road...
Not a destination


Top
 Profile  
Reply with quote  
 Post subject: Re: Symantec again false positive
PostPosted: Thu Aug 01, 2019 1:16 pm 
Offline
Addict
Addict
User avatar

Joined: Wed Dec 23, 2009 10:14 pm
Posts: 3153
Location: Boston, MA
Another approach is compile your PB code to dll, and build app with approved compilers.

_________________
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 33 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye