
Programming and AV false positives


5 replies to this topic

#1 scotty_ncc1701


Posted 02 June 2014 - 11:07 AM

I was working on my replacement for a program that I've used for years.  This morning, I got the warning about "Win32:Evo-gen [Susp]", from AVAST.  I scratched my head, said a few unpleasant words, because I knew there was nothing wrong.  The issue was resolved, and here is basically what happened, and what resolved it.

function001
{
  Function001_code that works.
}

function002
{
  Function002_code, same as function001_code, but loads files into separate controls.  The only difference is the control names, and the file it loads.
}

1.  Function001 compiled and ran perfectly.
2.  Added function002, with the changes noted above.
3.  Attempted to compile, and AVAST gave warning of Win32:Evo-gen [Susp]. :ranting:   :smash:
4.  Removed function002 code.
5.  Compiled and ran perfectly.
6.  Copied function001 code into function002 (same code in different functions).
7.  Attempted to compile, and AVAST gave warning of Win32:Evo-gen [Susp] :ranting:   :smash:
8.  Removed function001 code from function002.
9.  Compiled and ran perfectly.
10.  Put the correct code in function001 and function002.
11.  Attempted to compile, and AVAST gave warning of Win32:Evo-gen [Susp]. :ranting:   :smash:
12.  Moved function002 to end of source.
13.  Compiled and ran perfectly. :bananas: :bounce:

The bottom line is that if you use AVAST (and maybe others, I don't know for sure), and you get a warning from the AV program, move the code around, and that might help.

 

Hope this helps someone! :grinner:





#2 Billy O'Neal

    Visual C++ STL Maintainer



Posted 02 June 2014 - 11:32 AM

Alternately, purchase a signing certificate and sign your code appropriately.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 scotty_ncc1701


Posted 02 June 2014 - 12:04 PM

The cost isn't worth it, being freeware.  The costs I've seen start at $169/year, up to $500-$700.  Just moving the offending function around is sufficient.



#4 Billy O'Neal


Posted 03 June 2014 - 03:20 PM

Sure. But it is unlikely that you won't trigger other engines in that case. :)

Billy3

#5 Veitch


Posted 08 July 2014 - 02:39 AM

Alternatively, you can send your program in to the AV company for whitelisting. For AVAST it is: virus@avast.com

You might use virustotal.com to check if other AV scanners detect your program as well.



#6 Datcoolguy


Posted 28 July 2014 - 04:05 PM

If that program you are compiling is intended for personal use only, you could just leave it be and add it to the AV's exception list.


"If you don't understand how your computer works, you shouldn't be messing with it!"




