Virus?

This forum is meant for questions and discussions about the X# language and tools
Post Reply
jacekm23
Posts: 16
Joined: Tue Sep 29, 2015 8:45 am
Location: Poland

Virus?

Post by jacekm23 »

Hi,
I installed XSharp Cahors 2.13 - Public verion and my antivirus program detected a virus. What do you think about this?

Jacek
Attachments
obraz_2022-10-19_215127796.png
obraz_2022-10-19_215127796.png (7.74 KiB) Viewed 959 times
User avatar
Chris
Posts: 4910
Joined: Thu Oct 08, 2015 7:48 am
Location: Greece

Virus?

Post by Chris »

Hi Jacek,

Maybe MS do not like competition against VS :) :) :)

No idea why they flag this, but if you don't use XIDE, just delete it and you should be fine.
Chris Pyrgas

XSharp Development Team
chris(at)xsharp.eu
User avatar
ArneOrtlinghaus
Posts: 412
Joined: Tue Nov 10, 2015 7:48 am
Location: Italy

Virus?

Post by ArneOrtlinghaus »

We suffer quite often under the problem that one of the many different virus scanners and -versions in the world signals an error in one of our dlls or exes. It happens even if the dlls are certified.
A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not the correct detection.

Arne
ic2
Posts: 1858
Joined: Sun Feb 28, 2016 11:30 pm
Location: Holland

Virus?

Post by ic2 »

Hello Arne,
ArneOrtlinghaus post=24222 userid=367 wrote: A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not the correct detection.
That's a great link you provide. We created one program which is also available (and hence checked) for the Microsoft Store which is flagged as MachineLearning/Anomalous.96% by Malwarebytes. I once mailed them but they don't reply to that, I have to start some procedure.

There's absolutely nothing in my program which could trigger a virus scanner so my trust in Malwarebytes disappeared. I uploaded the program and apart from MalwareBytes and SecureAge, unknown to me, the other 70 scanners did not detect any problem. Hence this is also a good site to test the reliability of virus scanners.

Dick
Jamal
Posts: 315
Joined: Mon Jul 03, 2017 7:02 pm

Virus?

Post by Jamal »

Chris,

If a program file is not Code Signed, this may trigger a false-positive; this is from experience.
Also, programs that are obfuscated might also get flagged as containing viruses even though they are clean!

Jamal
User avatar
Chris
Posts: 4910
Joined: Thu Oct 08, 2015 7:48 am
Location: Greece

Virus?

Post by Chris »

Hi Jamal,

Yeah, I've also heard about .Net apps using Reflection (XIDE indeed uses that a lot) also triggering antiviruses. But I'm not really interested in fighting against all this mafness, if antiviruses want to flag XIDE, then so be it.
Chris Pyrgas

XSharp Development Team
chris(at)xsharp.eu
User avatar
ArneOrtlinghaus
Posts: 412
Joined: Tue Nov 10, 2015 7:48 am
Location: Italy

Virus?

Post by ArneOrtlinghaus »

Even code signed programs are not treated always as "good programs" anymore.
We had cases where we had to ask the antivirus company explicitly to whitelist our signed programs.
But it is Ok to have some "False positives" some times. Better than having once one single "False negative" (an undetected virus). :angry: ;)
Jamal
Posts: 315
Joined: Mon Jul 03, 2017 7:02 pm

Virus?

Post by Jamal »

Hi Arne,

In the past, we discussed Large Address Aware (LLA) for 32-bit programs. One issue which triggered the false-positive was that I code signed the program, however, during installation, I used a script to run a C# console app to update the VO EXE to be LAA. However, the code signing of the VO EXE got lost; and I verified this by looking for the Digital Signature in the Windows Explorer properties dialog of the VO program and it was gone. So, now I make the EXE LAA before bundling in the installer. In my case, this eliminated the virus issue.

Jamal
Jamal
Posts: 315
Joined: Mon Jul 03, 2017 7:02 pm

Virus?

Post by Jamal »

Hi Chris,

Do you code sign your XIDE program?

If not, I can understand, however, code signing builds trust that the program has not been tampered during transit with and it came from a trusted source.
I am usually very hesitant to install any program that is not code signed. The risk is just too high!

But I'm not really interested in fighting against all this mafness, if antiviruses want to flag XIDE, then so be it.
Jamal
User avatar
Chris
Posts: 4910
Joined: Thu Oct 08, 2015 7:48 am
Location: Greece

Virus?

Post by Chris »

Hi Jaml,

Indeed, no code signing, it does not even haven a proper "license agreement" or anything like that, it's purely a "use it if you really, really want to" thing.
Chris Pyrgas

XSharp Development Team
chris(at)xsharp.eu
Post Reply