a_catalin

exe files generated by my program seen as false positives


Hi.

Sorry for my English.

I am a Delphi programmer.

Among the programs that I made is this one: http://forums.mydigi...or-Spoon-Studio

There you will find the program (ExeBuilder), sources and explanations about how it works.

Basically it takes a standard exe stored in resources, it changes it to load an exe file from the virtualized program made with Spoon Studio, then adds icon(s) and information from the original exe.

So it does the same thing as other programs like VMware ThinApp.

The difference is that the exes made by VMware ThinApp are not shown as infected.

Users who have some knowledge about computers will maybe understand that "Trojan.Agent/Gen-MSFake[Gen]" means that SUPERAntiSpyware thinks that the file is maybe infected but is not sure.

But there are users who don't know this and think it's infected.

I do not think it's correct that these exes should be seen as infected (even if it's a "generic/heuristic").

I attached a zip file with a modified exe that is seen infected + the original exe (before modification).

But, since you're also computer programmers, I think you'll understand fast what this program does (from its sources).

Could you please set SUPERAntiSpyware not to "see" the exe files generated by my program as infected..?

Thanks in advance for your help.

Merry Christmas, Catalin


It's been more than 2 weeks with no reply from you and also no fix.

A few days ago I sent many of these exe files like it says here: https://www.superantispyware.com/supportfaqdisplay.html?faq=28

Also I tried to attach a rar compressed file (with these exe files) but it says "Error You aren't permitted to upload this kind of file". Zip file is permitted but it is much larger than a rar file and I exceed the 500 KB quota allocated for attachments on this forum.

The main problem is not that SUPERAntiSpyware is marking them as infected on my computer but that it is saying to other users (on VirusTotal or on their computers) that some of the exe files generated by my program are infected.

The support teams for some of the other antiviruses have found a way so all exe files would be marked as "not infected", so it's possible to do this.

Could you please set SUPERAntiSpyware not to "see" the exe files generated by my program (maybe even for any virtualized application made by Spoon Studio) as infected..?

Thank you.


Did you ever get a response to this, as I am getting similar problems? Today about 30 exes and dlls on my PC are being quarantined. Many (but not all) of these are files I have compiled with Delphi 7 but I think possibly all of them do have a Delphi heritage.

I had a similar problem a couple of years ago when McAfee suddenly started reporting one of my executables as a virus. Their response to be fair was quick and they said sorry - our fault but not before an enormous amount of damage had been done to our end users and our reputation. The problem is that my software is used in a sensitive healthcare environment and the AV was set up to completely delete any virus without any prompt or warning.

I doubt that many of my end users are using SUPERAntiSpyware but there is a risk that the same scenario is about to happen again.

Any other Delphi programmers out there with similar issues?

I am only signed up to SUPERAntiSpyware on a trial basis but this is only the second day of my trial and it has not exactly filled me with confidence.

Peter


If you are a software vendor, you can use the vendor dispute form here:

https://www.superantispyware.com/vendordispute.html

Otherwise if you would like our definitions team to inspect the items being detected and correct them if applicable, you will need to use the built-in false positive reporter.

To restore quarantined items, open SUPERAntiSpyware, click Manage Quarantine, select the items and click the Restore button. On the next scan you can select the Allow/Trust option on the summary screen so the items will no longer be detected.

This topic is now closed to further replies.
