AV false-positive issues: try this site
Posted: Sat Dec 28, 2019 6:58 am
Just submitted my exe to https://www.hybrid-analysis.com to see what's triggering false-positives for it, and the results are insane.
Here's just some of the reasons that it says my app is "malware":
Contains ability to register hotkeys (duh!).
Contains ability to open the clipboard (come on, the user has to have some convenience!).
Contains ability to query the machine version (have to make sure my app is not on Win XP or lower).
Creates a writable file in a temporary directory (what's wrong with writing to %TEMP%?).
Scanning for window names (I was checking for "Progman" and "Shell_TrayWnd"; so what?).
Queries volume information (of a hard disk; I need its free space before doing a file copy!).
Found potential URL in binary/memory (it saw my PayPal link when the user wants to buy).
And many more things. This has convinced me that no matter what I do, my app will classed as malware by VirusTotal and the like. Not much I can do except stop coding.
Anyway, throw your exes at this URL to see what it reports. It's pretty shocking.
Here's just some of the reasons that it says my app is "malware":
Contains ability to register hotkeys (duh!).
Contains ability to open the clipboard (come on, the user has to have some convenience!).
Contains ability to query the machine version (have to make sure my app is not on Win XP or lower).
Creates a writable file in a temporary directory (what's wrong with writing to %TEMP%?).
Scanning for window names (I was checking for "Progman" and "Shell_TrayWnd"; so what?).
Queries volume information (of a hard disk; I need its free space before doing a file copy!).
Found potential URL in binary/memory (it saw my PayPal link when the user wants to buy).
And many more things. This has convinced me that no matter what I do, my app will classed as malware by VirusTotal and the like. Not much I can do except stop coding.
Anyway, throw your exes at this URL to see what it reports. It's pretty shocking.
