Symantec again false positive

Everything else that doesn't fall into one of the other PB categories.
Mijikai
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Symantec again false positive

Post by Mijikai »

Can you exclude it from the heur scan?
Bitblazer
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany

Re: Symantec again false positive

Post by Bitblazer »

I don't know why you want to stay with that software after that amount of trouble again and again. Two better solutions have been presented to you :)
webpage - discord chat links -> purebasic GPT4All
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Symantec again false positive

Post by Kwai chang caine »

@Mijikai
Hello Master :D
The worst is precisely that I can't test the exe, because when I run the code, "PureBasic_Compilation0.exe" is immediately blocked and deleted :shock:

And a kind of Christmas tree begins:
- A panel in the bottom right of the screen: "Your attention is needed !!!"
- Another msgbox in the middle of the screen with a ListView inside listing numerous bad things, such as that it's a heuristic virus, and bla bla bla .....
- Bells like on the last day of the year ring in all directions :evil:
- And worst of all, a message is immediately sent to the administrator, as if I'm a dangerous man in my own enterprise :|

For the moment I have had no reply from the administrator, but I'm nearly sure one day he will write to me, and it's going to be my party :oops:

@Bitblazer
Kcc wrote:Yes you are right, I hate NORTON, personally I have no antivirus, just the native W10 :wink:
In fact, it's worse than that, it's not my machine, but my enterprise's, and I'm not administrator
viewtopic.php?p=539433#p539433
Believe me I have no choice, I need to eat like everybody and it has been my enterprise for more than 35 years :cry:
The happiness is a road...
Not a destination
skywalk
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Symantec again false positive

Post by skywalk »

Depending on the size of the company and aggressiveness of its IT department, you can be limited to a handful of compiler options. Purebasic would require an exception or whitelisting. That entails providing a business justification. It would help a lot if Fantaisie was an ISO/IEC/IEEE 12207:2017 compliant company or it was open source with appropriate licenses. You can continue to prototype in PureBasic and deploy in C or Visual C++ or whatever is on the corporate approval list.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Symantec again false positive

Post by Kwai chang caine »

The size is enormous... and the aggressiveness grows day after day, because we receive alerts of real viruses nearly each month, which attack the big networks :|
Since W10 came, I have had all these problems :|
skywalk wrote:It would help a lot if Fantaisie was an ISO/IEC/IEEE 12207:2017 compliant company
It's a pity that FRED, in all this time, has not tried to do something, if it's possible :|
Surely too expensive to have this label?
skywalk wrote:open source with appropriate licenses
I think it's impossible, and personally I understand that.
20 years of work, even with licenses, not everybody respects the rules :|
In the beginning, I read that the source of the IDE is open, and Fred saw it in another place :shock: :?
Since that time... it's finished
skywalk wrote:You can continue to prototype in PureBasic and deploy in C or Visual C++ or whatever is on the corporate approval list.
You forget you are talking to Kcc....
The least good programmer of the west :D
It's my dream, but I need to change my brain first :mrgreen:

So thanks for giving your advice, Master :wink:
Bitblazer
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany

Re: Symantec again false positive

Post by Bitblazer »

This sounds like the "intended" solution for Symantec, to whitelist an unknown binary on a client machine: https://www.symantec.com/connect/forums ... -whitelist

How does whitelisting work for Visual C/C++/VBA or other binaries in your company? Something you may need to find out :)

Set up PureBasic to create the executable inside the source directory instead of the temporary folder, then exclude all source directories from Symantec (see https://www.symantec.com/connect/forums ... s-endpoint).
PureBasic IDE -> Compiler options -> Compile/Run tab - [x] create temporary executable in the source directory
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Symantec again false positive

Post by Kwai chang caine »

Bitblazer wrote:How does whitelisting work for Visual C/C++/VBA or other binaries in your company?
Unfortunately I don't code in C/C++ so I don't know :oops:
Before, with W7, I used VB6 without problems, but I have not tried since I have W10
For VBA, I'm sure there is no problem; VBA is the only thing really allowed here :|
Bitblazer wrote:Setup purebasic to create the executable inside the source directory
I always do it like that, but Norton finds and kills it
Bitblazer wrote:then exclude all source directories from symantec
All the Symantec setup is locked by the administrator, I can just watch the log grow more and more, and cry :cry:
skywalk
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Symantec again false positive

Post by skywalk »

I was not able to compile my source code in some corporate environments without submitting the following executables for white listing. Notice my installs are not in Program Files!
If you only white list your app, the antivirus will continue to block polink.exe, pbcompiler.exe, etc.

C:\YourSourcePath\PureBasic_Compilation0.exe
C:\YourSourcePath\PureBasic_Compilation1.exe
C:\YourSourcePath\PureBasic_Compilation2.exe
C:\YourSourcePath\PureBasic_Compilation3.exe

C:\PureBasic-x64\
C:\PureBasic-x86\

C:\PureBasic-x64\SDK\Interface Importer\Interface Importer.exe
C:\PureBasic-x64\unins000.exe
C:\PureBasic-x64\Compilers\polink.exe
C:\PureBasic-x64\Compilers\porc.exe
C:\PureBasic-x64\PureBasic.exe
C:\PureBasic-x64\Compilers\FAsm.exe
C:\PureBasic-x64\Compilers\pbcompiler.exe
C:\PureBasic-x64\Compilers\PBDebugger.exe
C:\PureBasic-x64\SDK\PureUnit\PureUnit.exe
C:\PureBasic-x64\SDK\PureUnit\PureUnitGui.exe
C:\PureBasic-x64\SDK\DocMaker\DocMaker.exe
C:\PureBasic-x64\SDK\Header Converter\Header Converter.exe
C:\PureBasic-x64\SDK\DLL Importer\DLL Importer.exe
C:\PureBasic-x64\SDK\LibraryMaker.exe
C:\PureBasic-x64\Compilers\polib.exe

C:\PureBasic-x86\SDK\Interface Importer\Interface Importer.exe
C:\PureBasic-x86\unins000.exe
C:\PureBasic-x86\Compilers\FAsm.exe
C:\PureBasic-x86\Compilers\polink.exe
C:\PureBasic-x86\Compilers\porc.exe
C:\PureBasic-x86\PureBasic.exe
C:\PureBasic-x86\Compilers\pbcompiler.exe
C:\PureBasic-x86\Compilers\PBDebugger.exe
C:\PureBasic-x86\SDK\PureUnit\PureUnit.exe
C:\PureBasic-x86\SDK\PureUnit\PureUnitGui.exe
C:\PureBasic-x86\SDK\DocMaker\DocMaker.exe
C:\PureBasic-x86\SDK\Header Converter\Header Converter.exe
C:\PureBasic-x86\SDK\DLL Importer\DLL Importer.exe
C:\PureBasic-x86\SDK\LibraryMaker.exe
C:\PureBasic-x86\Compilers\Win9x\porc.exe
C:\PureBasic-x86\Compilers\polib.exe
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Symantec again false positive

Post by BarryG »

skywalk, rather than white-listing all the individual executables, can't you just whitelist the base folder (C:\PureBasic-x64\)? That's what I did for Windows Defender and it works great.
skywalk
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Symantec again false positive

Post by skywalk »

Yes. I was listing all the executables since not all users work with Defender. Some AVS's even require sha/crc's of executables to whitelist.
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Symantec again false positive

Post by BarryG »

skywalk wrote:Some AVS's even require sha/crc's of executables to whitelist
Understood. Thanks for sharing the file list, then.
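
For the case skywalk mentions, where the antivirus wants a SHA or CRC per executable, the whole list can be prepared in one pass. This is an added example, not code from any poster in this thread: it hashes every .exe under the given folders and marks the PureBasic_Compilation*.exe build outputs for a path rule, because their hash changes on every compile. The root folders in the `__main__` block are placeholders modelled on skywalk's list.

```python
import csv
import hashlib
import io
import os
import zlib
from fnmatch import fnmatchcase

# Build outputs are rewritten on every compile, so their hash changes each
# time; they need a path rule. Pattern taken from the file list above.
VOLATILE = "purebasic_compilation*.exe"


def file_digests(path, chunk_size=1 << 20):
    """Return (sha256_hex, crc32_hex) of a file, read in chunks."""
    sha, crc = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return sha.hexdigest(), f"{crc:08x}"


def build_manifest(roots):
    """Collect every .exe under the given folders as allowlist request rows."""
    rows = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".exe"):
                    continue
                full = os.path.join(dirpath, name)
                sha256, crc32 = file_digests(full)
                rule = "path" if fnmatchcase(name.lower(), VOLATILE) else "hash"
                rows.append({"path": full, "sha256": sha256,
                             "crc32": crc32, "rule": rule})
    return sorted(rows, key=lambda r: r["path"].lower())


def manifest_csv(rows):
    """Render the rows as CSV text to attach to the exception request."""
    out = io.StringIO()
    fields = ["path", "sha256", "crc32", "rule"]
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    # Hypothetical roots modelled on the list above; use the real install paths.
    print(manifest_csv(build_manifest([r"C:\PureBasic-x64", r"C:\YourSourcePath"])))
```

Rows marked "hash" must be regenerated after every PureBasic update, since the compiler and linker binaries change with each release.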
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Symantec again false positive

Post by Kwai chang caine »

skywalk wrote:If you only white list your app, the antivirus will continue to block polink.exe, pbcompiler.exe, etc.
It's dead then :|
As I can't manage anything in the NORTON console, I can't add a white list
Furthermore, sending each exe takes too long :cry:
And even if I send all the PB exes, one by one, to NORTON, I'm not sure the problem would not still be there in full, otherwise Fred would have done that long ago, if it was so simple
Thanks for your explanation 8)
NicTheQuick
Addict
Posts: 1224
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken

Re: Symantec again false positive

Post by NicTheQuick »

Heuristics are the dumbest things ever. They won't catch any real good freshly created trojans or viruses, but they find all the other shit that's not a virus at all. I hate them. At least I am my own administrator at work.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Symantec again false positive

Post by Kwai chang caine »

You are right 8)
Try to predict something that has not happened yet; already the weather forecast cannot predict if the sun will shine
Then how is it possible to know all the supposedly dangerous combinations of bits?
What difference is there between a keylogger to watch one's children and one to steal the grandmother's blue card number? :mrgreen:

For the moment I do not use the debugger, and I have fewer notifications ..
It's the only thing I have found, because a sandbox needs one to be administrator of the machine :|
skywalk
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Symantec again false positive

Post by skywalk »

Another approach is to compile your PB code to a DLL, and build the app with approved compilers.