Prevent my program from being flagged as malware

Posted by user120242 on Stack Overflow See other posts from Stack Overflow or by user120242
Published on 2010-04-01T04:24:50Z Indexed on 2010/04/01 4:33 UTC
Read the original article Hit count: 276

Filed under:

antivirus

|

false-positive

|

deployment

I know that this kind of behavior should be avoided in a publicly deployed program, but it's necessary. I do some hooking of process creation and file/registry I/O, and unpacking. I still trip a heuristic here and there, and I'm worried about future detections.

Could I just contact as many AV vendors as I can, submit my program, and provide a link to my program being served publicly? Would it be possible to convince AV vendors to "whitelist" it? Does anyone perhaps have a list of places to submit false positives?

Another problem I have is with people who don't update their malware scanners. There seems to be many people who just have old malware defintions and never bother to update. Is there anything that can be done about this? Or, if not, a way to check older definitions so I can locate what is being tripped, so I can try to avoid using that code?

© Stack Overflow or respective owner

Related posts about antivirus

Antivirus Free Antivirus Download

as seen on Dot net Slackers - Search for 'Dot net Slackers'
Many computer problems are caused by viruses and malware on your computer. The best and easiest way to correct this is to use a recognized antivirus and keep it updated. Antivirus free download at: http://antivirus-freedownloads.blogspot.com Links Web Content: http://antivirus-freedownloads.blogspot… >>> More
How to Use An Antivirus Boot Disc or USB Drive to Ensure Your Computer is Clean

as seen on How to geek - Search for 'How to geek'
If your computer is infected with malware, running an antivirus within Windows may not be enough to remove it. If your computer has a rootkit, the malware may be able to hide itself from your antivirus software. This is where bootable antivirus solutions come in. They can clean malware from outside… >>> More
Download Free Norton Antivirus 2012 with 6 months subscription

as seen on Tech Dreams - Search for 'Tech Dreams'
Norton, one of the most popular antivirus software Antivirus is now available as a free download with 6 months of subscription. Thanks to Facebook for teaming up with Symantec and providing Norton Antivirus 2012 for free to all its users. To grab your copy of Free antivirus, point your browser to… >>> More
How to get infected with Antivirus 2010

as seen on Super User - Search for 'Super User'
I know that this is the exact oposite of the question most people ask as it is a royal pain to remove. I hope this isn't flagged as me wanting to infect other people. I know my mom almost installed it but it was running firefox so she unknowingly downloaded it 10 times but didn't install it. I… >>> More
Why do I need an antivirus?

as seen on Super User - Search for 'Super User'
I am computer literate I don't run executables from untrusted sources I don't connect to media (USB, CD-ROM, etc) from untrusted sources I receive and see emails with non-executable attachments (graphics, videos, etc) I keep up with windows updates I have a firewall with strict definitions I don't… >>> More

Related posts about false-positive

McAfee Secure Messaging Service / Postini: false positive?

as seen on Server Fault - Search for 'Server Fault'
Hello, I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of. Here are the Postini headers: X-pstn-2strike: clear X-pstn-neptune: 0/0/0.00/0 X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390… >>> More
How to disable mod_security2 rule (false positive) for one domain on centos 5

as seen on Server Fault - Search for 'Server Fault'
Hi I have mod_security enabled on a centos5 server and one of the rules is keeping a user from posting some text on a form. The text is legitimate but it has the words 'create' and an html <table> tag later in it so it is causing a false positive. The error I am receiving is below: [Sun Apr… >>> More
How to disable mod_security2 rule (false positive) for one domain on centos 5

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have mod_security enabled on a centos5 server and one of the rules is keeping a user from posting some text on a form. The text is legitimate but it has the words 'create' and an html <table> tag later in it so it is causing a false positive. The error I am receiving is below: [Sun Apr… >>> More
xUnit false positive when comparing null terminated strings

as seen on Stack Overflow - Search for 'Stack Overflow'
I've come across odd behavior when comparing strings. First assert passes, but I don't think it should.. Second assert fails, as expected... [Fact] public void StringTest() { string testString_1 = "My name is Erl. I am a program\0"; string testString_2 = "My name is Erl. I am a program"; … >>> More
Prevent my program from being flagged as malware

as seen on Stack Overflow - Search for 'Stack Overflow'
I know that this kind of behavior should be avoided in a publicly deployed program, but it's necessary. I do some hooking of process creation and file/registry I/O, and unpacking. I still trip a heuristic here and there, and I'm worried about future detections. Could I just contact as many AV vendors… >>> More