Bitcoin Forum
Topic: What if AV picks up Your LEGIT closed-source .exe?
Youresioure (OP)
December 25, 2016, 04:34:38 PM
 #1

I've come across this experience a few times, but I've experienced it with other, mainly new, executables too. When it happened to me, I usually let the clients do a detailed security analysis on it, for instance with Anubis, and uploaded it as proof that my executable was legit. But that's an uncomfortable situation to go through. What should I do if one or more AVs detect the .exe of my application as suspicious/malware (as a false positive)?
achow101
December 25, 2016, 05:09:01 PM
 #2

There should be a way to report it as a false positive to the AV company.

Youresioure (OP)
December 26, 2016, 08:54:44 PM
 #3

Quote from: achow101
There should be a way to report it as a false positive to the AV company.

Do they take such reports seriously? How much time could it take for them to fix the false detection since the date of requesting?

I'm asking this very important question because it could mean a disadvantage against the concurrent products that don't have this issue.
viziano
December 26, 2016, 09:10:29 PM
 #4

Many AVs do this.
I never knew how I could fix this.
Although I'm not much of a good coder, just when I do some Visual Basic, it's always like a "virus" or whatever.
Gets annoying.

Deep In The Mines LLC
December 26, 2016, 09:36:50 PM
 #5

Scan it with VirusTotal, then report it to the AVs. VirusTotal shares the files and they get manually checked at some point, so it will eventually reduce your false positives.

Youresioure (OP)
December 27, 2016, 07:32:17 PM
 #6

Quote from: viziano
Many AVs do this.
I never knew how I could fix this.
Although I'm not much of a good coder, just when I do some Visual Basic, it's always like a "virus" or whatever.
Gets annoying.

Yeah, it's so annoying when you're just developing some totally harmless software and the AV pops up saying it's very similar to idk what generic trojan when I'd be the happiest if I knew how to code such a malware.

Quote from: Deep In The Mines LLC
Scan it with VirusTotal, then report it to the AVs. VirusTotal shares the files and they get manually checked at some point, so it will eventually reduce your false positives.

Thank you! That's actually a very good idea. It makes the report easier too, since VirusTotal shares it with multiple providers so you don't have to send your file to each provider one by one.
StewieG
December 29, 2016, 09:43:42 PM
 #7

Are you sure it is legit? More info is needed. Are you sure it has not been tampered with on the way? Did you check the shasum? If it is some game crack then the warning might be legit. Most AVs do signature checking, meaning some part of your executable is similar to one on their list. This can happen but is rather unlikely.
cloverme
December 30, 2016, 04:22:31 AM
 #8

Quote from: Youresioure
I've come across this experience a few times, but I've experienced it with other, mainly new, executables too. When it happened to me, I usually let the clients do a detailed security analysis on it, for instance with Anubis, and uploaded it as proof that my executable was legit. But that's an uncomfortable situation to go through. What should I do if one or more AVs detect the .exe of my application as suspicious/malware (as a false positive)?

More than likely it's been picking up on the heuristics of what your code is doing and flagging that as an issue. Several compilers have workarounds to deal with it; as an example, Dev-C++ is notorious for setting off AVG. You might want to consider changing your compiler to another one as well; often the signature of open source compilers (if you're using one) might use a consistent CPU flag that AVs are monitoring for. Check the support forums for your compiler; it's more than likely someone has the same issue as you do too.
BuySomeBitcoins
December 30, 2016, 05:01:26 AM
 #9

Could you upload to VirusTotal and share the link?

Youresioure (OP)
December 31, 2016, 08:36:41 PM
 #10

Quote from: cloverme
More than likely it's been picking up on the heuristics of what your code is doing and flagging that as an issue. Several compilers have workarounds to deal with it; as an example, Dev-C++ is notorious for setting off AVG. You might want to consider changing your compiler to another one as well; often the signature of open source compilers (if you're using one) might use a consistent CPU flag that AVs are monitoring for. Check the support forums for your compiler; it's more than likely someone has the same issue as you do too.

Fantastic, thank you, @cloverme! In fact, it was the compiler, which was free software. Compiling the exact same code in MS VS 2013 didn't trigger the AV. And I'd expect an open-source compiler to be more "AV friendly", simply because its source code is known to them. But nah. I think I'll stay with Visual Studio from now on.