AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 9:37 am
by BarryG
It's official: these anti-virus false-positives with PureBasic have gone berserk. I decided to make a small test exe in both PureBasic 5.71 and Visual Basic 5 Pro to see how AV companies view them at the end of 2019, and these are the VirusTotal results. I know it's just a small "hello, world" message box test, but still... this disappoints me greatly.
BTW, the Visual Basic 5 exe wasn't digitally signed either, so signing your exes to "reduce false positives" is simply not true in the real world.
PureBasic v5.71 (32-bit):
Code:
If OpenWindow(0, 400, 200, 200, 100, "Form1", #PB_Window_SystemMenu)
  ButtonGadget(0, 10, 10, 150, 35, "Command1")
  Repeat
    Event = WaitWindowEvent()
    If Event = #PB_Event_Gadget
      MessageRequester("Project1", "hello")
    EndIf
  Until Event = #PB_Event_CloseWindow
EndIf
Visual Basic 5 Pro:
Code:
VERSION 5.00
Begin VB.Form Form1
   Caption = "Form1"
   ClientHeight = 3015
   ClientLeft = 120
   ClientTop = 465
   ClientWidth = 4560
   LinkTopic = "Form1"
   ScaleHeight = 3015
   ScaleWidth = 4560
   StartUpPosition = 3 'Windows Default
   Begin VB.CommandButton Command1
      Caption = "Command1"
      Height = 615
      Left = 600
      TabIndex = 0
      Top = 480
      Width = 1935
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Private Sub Command1_Click()
    MsgBox ("hello")
End Sub

Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 10:24 am
by Mijikai
This doesn't mean anything.
Just because some crap/nonsense AV/s (most of them) detect/s something.
It's not PB's fault, it's the AV/s fault!
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 10:56 am
by BarryG
I know it's the AV's fault - that's the entire point of my post. And it depresses me, because we're fighting a losing battle.
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 11:30 am
by drgolf
Hello,
The same code on PB 5.71 with the compiler options thread and DPI, and with the version info filled in, gives 5 detections.
If the exe is signed with a personal free certificate: 2 detections.
Here:
https://www.virustotal.com/gui/file/607 ... /detection
Changing compiler options can change the result.
On Lazarus with the option WR: no detection.
With Delphi, no detection. But the minimum exe size is 4 megas.
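A pre-upload check for the two properties the results above turn on, version information (stored in the PE resource directory) and an embedded signature, given as an added example that is not part of the thread or of anyone's post. The names `pe_metadata` and `build_sample` are hypothetical, and the sample bytes are a constructed header-only stub.

```python
import struct

DIR_RESOURCE = 2   # resource tree: version info, icons, manifest
DIR_SECURITY = 4   # certificate table: embedded Authenticode signature

def pe_metadata(data: bytes) -> dict:
    """Report which metadata a PE file carries, read from its headers only."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 24                 # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    count = struct.unpack_from("<I", data, dirs - 4)[0]       # NumberOfRvaAndSizes

    def directory(index):
        if index >= count:
            return 0, 0
        return struct.unpack_from("<II", data, dirs + 8 * index)

    _, res_size = directory(DIR_RESOURCE)
    sig_off, sig_size = directory(DIR_SECURITY)   # a file offset, not an RVA
    return {
        "bits": 32 if magic == 0x10B else 64,
        "has_resources": res_size > 0,
        # Present is not the same as valid: the chain must be verified separately.
        "has_embedded_signature": sig_size > 0 and sig_off + sig_size <= len(data),
    }

def build_sample(signed: bool) -> bytes:
    """Constructed header-only PE32 stub for this demo; it is not runnable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # 16 data directories
    struct.pack_into("<II", opt, 96 + 8 * DIR_RESOURCE, 0x3000, 0x400)
    blob = b"\0" * 16 if signed else b""                      # stand-in certificate
    if signed:                                                # headers end at 312
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 312, len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + blob

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, pe_metadata(build_sample(flag)))
```

A non-empty resource directory is necessary for version info but does not prove the fields are filled in, and a present signature blob still has to be validated, for example with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`.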
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 11:37 am
by Mijikai
BarryG wrote: I know it's the AV's fault - that's the entire point of my post. And it depresses me, because we're fighting a losing battle.
Most of those AVs are not even relevant, and with the very few big/halfway sane ones you can usually communicate.
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 12:13 pm
by BarryG
drgolf wrote: If the exe is signed with a personal free certificate: 2 detections.
Wait - you can get free certs? Please tell me more. How?
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 12:43 pm
by Fred
All these antivirus are not mainstream, it's not an issue.
Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 7:24 pm
by Kwai chang caine
FRED wrote: All these antivirus are not mainstream
It's not always the case.
At my job, I received a letter from the administrator of the company network, forcing me to never use PB on the company's machines.
All that because NORTON sees a virus in nearly all PB exes, and mainly with the IDE if I activate the debugger, and I don't understand why.
I wrote to SYMANTEC; they added the software I sent them to the whitelist, but all the others continue to raise virus alarms, and I have so many PB exes that I can't send all of them, especially all the new temporary "PureBasic_Compilation0.exe, PureBasic_Compilation1.exe, etc..."

And since I have no rights on my work machine, now, to continue using PB (because nobody can force me not to use my PB LOVE), I use my personal PC for my job....

But I feel so alone with this problem, me against SYMANTEC and my management.

Re: AV false-positives in 2019: PB vs VB
Posted: Tue Dec 10, 2019 10:18 pm
by ChrisR
Unfortunately it's not new, the AVs keep pissing us off.
The developers were already complaining in 2009 and before.
See this blog from May 2009, written by Nir Sofer, author of a great collection of small and useful freeware utilities:
Antivirus companies cause a big headache to small developers
Re: AV false-positives in 2019: PB vs VB
Posted: Wed Dec 11, 2019 6:32 am
by Tenaja
One way to get them to quit falsely accusing good programs of viruses is for the small developers to join together in a class action lawsuit. (Defamation?)
Unfortunately, they'd probably counter with the excuse they have a system in place to white list your program...
I've actually used that whitelist submission. We had an AV a few years ago that flagged nearly 100 percent of my code, so I started submitting every exe. Finally, it became less needed, so I went back to whitelisting my folders.
Re: AV false-positives in 2019: PB vs VB
Posted: Wed Dec 11, 2019 10:18 am
by Kwai chang caine
ChrisR wrote: author of a great collection of small and useful freeware utilities
I did not know the famous Sysinternals had the same type of problem before becoming MICROSOFT.
So..... the only solution is to get ourselves hired at Microsoft.

Thanks for your interesting link.
Tenaja wrote: Unfortunately, they'd probably counter with the excuse they have a system in place to white list your program...
Yes... to resolve the "FALSE positive"... the AVs create a "FALSE solution".

Re: AV false-positives in 2019: PB vs VB
Posted: Sun Dec 22, 2019 1:29 am
by Dude
One line of code, a comment; modern theme support off; compiled as an exe:
VirusTotal result: 18 false positives
https://www.virustotal.com/gui/file/aa6 ... /detection
Come on, this is crap. What can we do? I can't release my app like this.

I know this is a do-nothing app, but the AV detection is obviously picking up something in those exe bytes/header that also matches my real-world app, because it's also getting around 20 false-positives.
Re: AV false-positives in 2019: PB vs VB
Posted: Sun Dec 22, 2019 2:02 am
by skywalk
Did you fill out the version and description fields or use a resource file?
Re: AV false-positives in 2019: PB vs VB
Posted: Sun Dec 22, 2019 3:26 pm
by marc_256
ChrisR wrote: Unfortunately it's not New, the AVs keep pissing us off
I also have this problem with my PB-developed programs.
I don't understand how AV programs work or how .exe files are composed,
but how can these AV programs see that an .exe file is created / compiled with PB?
Does the PB compiler put some PB data in our .exe file?
Can someone help me here?
Thanks,
marc
Re: AV false-positives in 2019: PB vs VB
Posted: Sun Dec 22, 2019 5:54 pm
by Marc56us
One line of code, a comment; modern theme support off; compiled as an exe:
VirusTotal result: 18 false positives
Yes, but have you tried doing the same code in other languages (ie: C)?
It is well known that poor AVs consider a small file size to be necessarily a virus.
For your test, now you know that you can tell people that these 18 """Antivirus""" must be excluded from the test.
In many cases, if the next 4 scanners say OK for a program, there is no need to go any further.
(alphabetical order)
- Avira
- BitDefender
- ESET-NOD32
- Kaspersky
It is therefore also necessary to stop taking this site for a reference: it does not make its selection work by quality.

Lack of quality cannot be replaced by an excess of quantity.
All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
- I code in pure basic syntax and PB functions only (very few, if any, direct API calls).
- No direct modification of the registry
- Almost never pointers
- Entries are almost always made in standard Windows locations (ie: %AppData%).
- Large programs are packaged with InnoSetup and also use standard paths (ie: %ProgramFiles%, %ProgramData%).
Basic, Pure Basic, PureBasic
