Why does my anti-virus program think my programs are suspicious?
Members - Reputation: 3818
Posted 10 October 2012 - 11:33 PM
Does a straightforward hello world console program have the same issue ?
Edited by SimonForsman, 10 October 2012 - 11:33 PM.
The voices in my head may not be real, but they have some good ideas!
Members - Reputation: 287
Posted 11 October 2012 - 02:25 AM
std::cout << (int value) << std::endl;
as being a backdoor trojan. You can deal with it simply enough by disabling the anti-virus while you're developing, or finding a way to stop it from active scanning your projects folder. But when it comes time to release you'll probably have to test your executable against virus scanners for false positives. When it comes to releasing an executable in a world with crap virus scanners does anyone have any pre-release tips ? Because I'd like to hear them.
Members - Reputation: 256
Posted 11 October 2012 - 03:51 AM
Now you have to wait about a week and then check your files again(because usually the submitted files will be forwarded to the anti-virus companies and checked again more carefully).
If there are any false-positives after the week, you have to contact the company behind the scanner, for Example http://support.kaspe...b/helpdesk.html for the Kaspersky Scanners.
Has anyone experience with the effect of signing executables with false-positives?
Edited by Barbossa, 11 October 2012 - 03:54 AM.
Members - Reputation: 2047
Posted 11 October 2012 - 04:17 AM
It does show occasional false positives on some programs sometimes, but very very rarely. Usually it's a program like a CD ripper trying to get low level access to the drive.
Chances are good that what you see are still false positives, but my overall positive experience with Avast makes me think it isn't a bad idea to look into it anyway. It might still be that you really have some malware on your system that infected your compiler/linker or a library. As suggested above, Virustotal is a relatively easy way of verifying. It also displays the SHA-1 and MD5 of the respective files, so in case you didn't record hashes in the past, you can look them up there. If they're the same, it's highly unlikely that something has modified your compiler (or another program).
That said, the tip of turning off scanning for the development folder and the build tool folder is a good idea regardless of this issue, because live scanning and live defence usually makes a build 30-50% slower. It depends on your AV software (Kaspersky slows you down whenever KAV is installed, whether it scans or not), but for Avast it really makes a difference.
Members - Reputation: 237
Posted 11 October 2012 - 09:57 AM
Members - Reputation: 182
Posted 11 October 2012 - 01:25 PM
I sent them false positive reports for a few months every week and things seem to be fine now.
During that time I worked around it by placing a "glVertex2f(0, 0);" call at the beginning of my code which obviously did nothing because the opengl context wasn't even created but was enough to disrupt the flawed heuristics of antivir.
Maybe it works for you, too.
If it doesn't you could
-try to restructure your code
-use some exotic compile options
-use some virus-like habits to hide your code (e.g. encode your code and decode it when in use)
-or spam the developer of your antivirus software until he responds
Members - Reputation: 287
Posted 11 October 2012 - 06:03 PM
As to relevance to this post: If your virus scanner reports an exe you built as a virus, build another simple program to see if you can manage to build an exe that isn't detected to be a virus, just to make sure you don't have some serious form of infection in your pc.
Members - Reputation: 590
Posted 11 October 2012 - 07:37 PM
oh god thank you. I fixed it
No problem! That was annoying the crap out of me as well. Couldn't compile an application without it being flagged. Even Morrowind and Skyrim (Avast must not like Bethesda) were flagged. I was about to uninstall Avast.