xsharp.eu • Virus?

Virus?

Posted: Wed Oct 19, 2022 7:52 pm
by jacekm23
Hi,
I installed XSharp Cahors 2.13 - Public version and my antivirus program detected a virus. What do you think about this?

Jacek

Virus?

Posted: Wed Oct 19, 2022 9:09 pm
by Chris
Hi Jacek,

Maybe MS do not like competition against VS :) :) :)

No idea why they flag this, but if you don't use XIDE, just delete it and you should be fine.

Virus?

Posted: Thu Oct 20, 2022 10:33 am
by ArneOrtlinghaus
We suffer quite often under the problem that one of the many different virus scanners and versions in the world signals an error in one of our dlls or exes. It happens even if the dlls are certified.
A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not make the correct detection.

Arne

Virus?

Posted: Thu Oct 20, 2022 12:20 pm
by ic2
Hello Arne,
ArneOrtlinghaus wrote: A good check is to open
https://www.virustotal.com/
and upload the program. It makes an immediate control with many virus scanners. If none of these or only the one you are using flags the file, then probably it is the virus scanner that did not make the correct detection.

That's a great link you provide. We created one program which is also available (and hence checked) for the Microsoft Store which is flagged as MachineLearning/Anomalous.96% by Malwarebytes. I once mailed them but they don't reply to that, I have to start some procedure.

There's absolutely nothing in my program which could trigger a virus scanner so my trust in Malwarebytes disappeared. I uploaded the program and apart from Malwarebytes and SecureAge, unknown to me, the other 70 scanners did not detect any problem. Hence this is also a good site to test the reliability of virus scanners.

Dick

Virus?

Posted: Fri Oct 21, 2022 7:19 pm
by Jamal
Chris,

If a program file is not Code Signed, this may trigger a false-positive; this is from experience.
Also, programs that are obfuscated might also get flagged as containing viruses even though they are clean!

Jamal

Virus?

Posted: Sun Oct 23, 2022 5:12 am
by Chris
Hi Jamal,

Yeah, I've also heard about .Net apps using Reflection (XIDE indeed uses that a lot) also triggering antiviruses. But I'm not really interested in fighting against all this madness, if antiviruses want to flag XIDE, then so be it.

Virus?

Posted: Fri Oct 28, 2022 8:46 am
by ArneOrtlinghaus
Even code signed programs are not always treated as "good programs" anymore.
We had cases where we had to ask the antivirus company explicitly to whitelist our signed programs.
But it is OK to have some "False positives" sometimes. Better than having once one single "False negative" (an undetected virus). :angry: ;)

Virus?

Posted: Fri Oct 28, 2022 3:46 pm
by Jamal
Hi Arne,

In the past, we discussed Large Address Aware (LAA) for 32-bit programs. One issue which triggered the false-positive was that I code signed the program, however, during installation, I used a script to run a C# console app to update the VO EXE to be LAA. However, the code signing of the VO EXE got lost; and I verified this by looking for the Digital Signature in the Windows Explorer properties dialog of the VO program and it was gone. So, now I make the EXE LAA before bundling in the installer. In my case, this eliminated the virus issue.

Jamal
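
The check described in the post above (is the EXE Large Address Aware, and does it still carry its digital signature before it goes into the installer) can be automated. This is an added example, not code from the thread or from XSharp: `inspect_pe`, `ready_to_bundle` and `build_sample` are hypothetical names, the sample bytes are constructed, and the check only detects whether a certificate table is present, not whether the signature is valid.

```python
import struct

LAA_FLAG = 0x0020     # IMAGE_FILE_LARGE_ADDRESS_AWARE in COFF Characteristics
SECURITY_DIR = 4      # data directory index of the Authenticode certificate table

def inspect_pe(data: bytes) -> dict:
    """Report the LAA bit and whether a certificate table is present (not its validity)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (characteristics,) = struct.unpack_from("<H", data, pe + 22)
    opt = pe + 24                                         # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    offset = size = 0
    if count > SECURITY_DIR:
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    # For this directory the first field is a file offset, not an RVA.
    has_cert = size > 0 and offset + size <= len(data)
    return {"laa": bool(characteristics & LAA_FLAG), "cert_table": has_cert}

def ready_to_bundle(data: bytes) -> bool:
    """Gate for the installer build: the EXE must be LAA and still carry a signature."""
    info = inspect_pe(data)
    return info["laa"] and info["cert_table"]

def build_sample(laa: bool, cert_size: int) -> bytes:
    """Constructed minimal PE32 header for the demo; not a runnable program."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x80 + 20, 224, 0x0102 | (LAA_FLAG if laa else 0))
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)             # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", buf, opt + 96 + 8 * SECURITY_DIR, 0x200, cert_size)
    return bytes(buf) + bytes(cert_size)

if __name__ == "__main__":
    print("signed, not LAA:  ", inspect_pe(build_sample(False, 64)))
    print("LAA, cert missing:", inspect_pe(build_sample(True, 0)))
    print("LAA and signed:   ", ready_to_bundle(build_sample(True, 64)))
```

A file that passes this gate should still be verified with `Get-AuthenticodeSignature` or `signtool verify`, since a certificate table can be present while the signature no longer matches the modified file.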

Virus?

Posted: Fri Oct 28, 2022 3:55 pm
by Jamal
Hi Chris,

Do you code sign your XIDE program?

If not, I can understand, however, code signing builds trust that the program has not been tampered with during transit and that it came from a trusted source.
I am usually very hesitant to install any program that is not code signed. The risk is just too high!

Chris wrote: But I'm not really interested in fighting against all this madness, if antiviruses want to flag XIDE, then so be it.

Jamal

Virus?

Posted: Fri Oct 28, 2022 4:05 pm
by Chris
Hi Jamal,

Indeed, no code signing, it does not even have a proper "license agreement" or anything like that, it's purely a "use it if you really, really want to" thing.