AV false-positive issues: try this site

BarryG
Addict
Posts: 3324
Joined: Thu Apr 18, 2019 8:17 am

Post by BarryG »

Just submitted my exe to https://www.hybrid-analysis.com to see what's triggering false-positives for it, and the results are insane.

Here's just some of the reasons that it says my app is "malware":

Contains ability to register hotkeys (duh!).
Contains ability to open the clipboard (come on, the user has to have some convenience!).
Contains ability to query the machine version (have to make sure my app is not on Win XP or lower).
Creates a writable file in a temporary directory (what's wrong with writing to %TEMP%?).
Scanning for window names (I was checking for "Progman" and "Shell_TrayWnd"; so what?).
Queries volume information (of a hard disk; I need its free space before doing a file copy!).
Found potential URL in binary/memory (it saw my PayPal link when the user wants to buy).

And many more things. This has convinced me that no matter what I do, my app will be classed as malware by VirusTotal and the like. Not much I can do except stop coding.

Anyway, throw your exes at this URL to see what it reports. It's pretty shocking.
Little John
Addict
Posts: 4527
Joined: Thu Jun 07, 2007 3:25 pm
Location: Berlin, Germany

Re: AV false-positive issues: try this site

Post by Little John »

BarryG wrote: Anyway, throw your exes at this URL to see what it reports.
Why should I do so? According to what you wrote, that seems just to be a waste of time.
DarkDragon
Addict
Posts: 2228
Joined: Mon Jun 02, 2003 9:16 am
Location: Germany

Re: AV false-positive issues: try this site

Post by DarkDragon »

I guess it just lists possible reasons for detecting a virus, as the heuristics are usually based on a combination of these things. It is not the actual reason.
bye,
Daniel
BarryG
Addict
Posts: 3324
Joined: Thu Apr 18, 2019 8:17 am

Re: AV false-positive issues: try this site

Post by BarryG »

Little John wrote: Why should I do so? According to what you wrote, that seems just to be a waste of time.
If you're curious about why your exe gets flagged by false-positives, is obviously what I mean.
Mindphazer
Enthusiast
Posts: 346
Joined: Mon Sep 10, 2012 10:41 am
Location: Savoie

Re: AV false-positive issues: try this site

Post by Mindphazer »

The only and unique solution is: buy a Mac! :mrgreen:

(if you're searching for me, I'm already out!!)
MacBook Pro 14" M1 Pro - 16 Gb - MacOS 14 - Iphone 15 Pro Max - iPad at home
...and unfortunately... Windows at work...
Little John
Addict
Posts: 4527
Joined: Thu Jun 07, 2007 3:25 pm
Location: Berlin, Germany

Re: AV false-positive issues: try this site

Post by Little John »

BarryG wrote:
Little John wrote: Why should I do so? According to what you wrote, that seems just to be a waste of time.
If you're curious about why your exe gets flagged by false-positives, is obviously what I mean.
That site obviously just tells complete nonsense.
And I don't see how this can help solving the problem about false virus alerts.
BarryG
Addict
Posts: 3324
Joined: Thu Apr 18, 2019 8:17 am

Re: AV false-positive issues: try this site

Post by BarryG »

Little John wrote: I don't see how this can help solving the problem about false virus alerts.
It seemed to me that removing some of what it detects might reduce my false-positives... but then I realised half my code would be gone.