Virus Total False Positives
Moderators: Dorian (MJT support), JRL
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Virus Total False Positives
Hi there,
I have small script that I have compiled. It is a freeware application.
The community site that will distribute it requires 100% clearance from a Virus Total scan:
https://www.virustotal.com/gui/home/upload
I have uploaded a few times, including disabling UPX.exe and still there are a few things being flagged. Of course I know these are all false positives but the distro will not accept anything above 100% safe regardless of false positives.
I was wondering if anyone has any ideas how to get around this.
I tried to upload a screenshot here but there is no way to do that other than linking to external screenshot. But you can check this by simply compiling any short script with no special options and uploading it to the link above.
Bearing in mind this is freeware project but it is good for my profile.
Any thoughts appreciated.
Cheers.
I have small script that I have compiled. It is a freeware application.
The community site that will distribute it requires 100% clearance from a Virus Total scan:
https://www.virustotal.com/gui/home/upload
I have uploaded a few times, including disabling UPX.exe and still there are a few things being flagged. Of course I know these are all false positives but the distro will not accept anything above 100% safe regardless of false positives.
I was wondering if anyone has any ideas how to get around this.
I tried to upload a screenshot here but there is no way to do that other than linking to external screenshot. But you can check this by simply compiling any short script with no special options and uploading it to the link above.
Bearing in mind this is freeware project but it is good for my profile.
Any thoughts appreciated.
Cheers.
Phil Pendlebury - Linktree
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Re: Virus Total False Positives
Hi guys, I could really do with some guidance on this one please.
Phil Pendlebury - Linktree
- Dorian (MJT support)
- Automation Wizard
- Posts: 1390
- Joined: Sun Nov 03, 2002 3:19 am
- Contact:
Re: Virus Total False Positives
Yes, we have a Custom Scripting Service. Message me or go here
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Re: Virus Total False Positives
Thanks Dorian, I had read all that after searching the forum. So not entirely.
I fully understand all of it of course but take my example case:
Free Application for Gamers. So buying a certificate is out of the q.
Gaming site requires verification by a tool that uses hundreds of Virus Sigs form various other companies. I cannot really submit my app to every single one of them.
Just trying to figure if there is a way around it. I have tried compiled without obfuscation etc.
Cheers,
I fully understand all of it of course but take my example case:
Free Application for Gamers. So buying a certificate is out of the q.
Gaming site requires verification by a tool that uses hundreds of Virus Sigs form various other companies. I cannot really submit my app to every single one of them.
Just trying to figure if there is a way around it. I have tried compiled without obfuscation etc.
Cheers,
Phil Pendlebury - Linktree
- Dorian (MJT support)
- Automation Wizard
- Posts: 1390
- Joined: Sun Nov 03, 2002 3:19 am
- Contact:
Re: Virus Total False Positives
I think sadly the certificate probably is the solution whether the app is free or not. I had a similar issue when I wrote a free app that notified people when Covid tests were available in their area. After putting the time into writing it, it made me not bother publishing it.
Yes, we have a Custom Scripting Service. Message me or go here
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Re: Virus Total False Positives
I wish I could afford a certificate and of course the time to figure out how it works...
Phil Pendlebury - Linktree
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Re: Virus Total False Positives
Well good news is that after a very laborious process of submitting my installer to all the vendors that were producing false positives, I finally got the all clear.
I am still not sure if I will have to resubmit every time I update the application but we'll see.
https://flightsim.to/file/31716/admiral ... or-windows
I am still not sure if I will have to resubmit every time I update the application but we'll see.
https://flightsim.to/file/31716/admiral ... or-windows
Phil Pendlebury - Linktree
Re: Virus Total False Positives
I have had many false positives when trying to transport compiled scripts from either Email, Discord, other messaging, or Uploads.
My quick solution was to encrypt the Zip file so the transport mechanism cannot scan it and flag it. Then give the password to the end-user. The end user PC will still do one final scan but the user can control it then.
Its a shame all compile scripts by MS15 has been flagged by most AV as malware, really embarrassing when working with new clients.
My quick solution was to encrypt the Zip file so the transport mechanism cannot scan it and flag it. Then give the password to the end-user. The end user PC will still do one final scan but the user can control it then.
Its a shame all compile scripts by MS15 has been flagged by most AV as malware, really embarrassing when working with new clients.
- Phil Pendlebury
- Automation Wizard
- Posts: 543
- Joined: Tue Jan 16, 2007 9:00 am
- Contact:
Re: Virus Total False Positives
Encrypting was no use for me in this case as it is a specific distribution site that insists on the files being cleared by Virus Total. (Which I suppose is fair enough).
If you do this a lot, it is worth taking the time to contact the AV vendors. I was frankly surprised about how efficient and helpful they were, apart from one bunch of idiots who insisted that my installer should be flagged becuase it didn't add an "uninstall" shortcut to the start menu.
And after adding that and getting back to them they no longer replied.
However the latest installer does come up all clear now and this is quite a few builds (different version numbers too) later, so this procedure of mine may also have helped other users of complied MS15 scripts.
If you do this a lot, it is worth taking the time to contact the AV vendors. I was frankly surprised about how efficient and helpful they were, apart from one bunch of idiots who insisted that my installer should be flagged becuase it didn't add an "uninstall" shortcut to the start menu.
And after adding that and getting back to them they no longer replied.
However the latest installer does come up all clear now and this is quite a few builds (different version numbers too) later, so this procedure of mine may also have helped other users of complied MS15 scripts.
Phil Pendlebury - Linktree