Twice in a short time I got a false alarm, which costs me (down)time.
Once I could deduce that a Dropbox link (containing the string eqh9vf7y23mta2w) was the cause; in the other case I have no idea at all. The threats were deemed severe, so the compiled programs simply disappeared, not, though, before being executed several times.

This can pop up on you at any time by any (imo stupid or at least complacently superficial) 'security intelligence' update, so it would help greatly to be able to pinpoint the offending bytes to try to change them either as data or through a minimal program change.
Of course I gave feedback, but that doesn't help a lot, and certainly not quickly.

I would highly welcome advice in this.
Thanks,
Jan

What I have tried:

Feedback and lucky deduction by a macro defined variation, where only 1 out of 3 was tagged as a virus.
Posted
Updated 14-Sep-21 12:26pm
Comments
Richard MacCutchan 14-Sep-21 7:47am
   
You need to ask Microsoft.
Rick York 14-Sep-21 12:56pm
   
There is a good probability that there is nothing you can do to your program that would make any difference to this issue. Your best bet might be to add the programs that were deleted to a "white list."
Jan Heckman 15-Sep-21 3:43am
   
I have been able to change one of the programs in question, and quite trivially, to avoid virus branding; it is just hard to find where to do this.

We can't say, and wouldn't if we could - and probably MS won't either, as that could help virus writers to bypass the checks.

However if you talk to them, they may be able to accept a sample project and EXE file from you and do more advanced checking on it to avoid such false positives in future.
You'll need to talk to them yourself though - I have no idea who would be the best person to talk to - start with tech support and see how far you get.

Or change your code to produce a different EXE.
   
Some windowless apps, which are not services, are thrown into this category. Quite easy to determine: Has WinMain entry but does not have CreateWindow() calls.
   
Comments
Jan Heckman 15-Sep-21 3:45am
   
What 'category' do you mean? Just as an aside, the programs are C++ console apps compiled and linked with VS 2022 preview.
steveb 15-Sep-21 8:41am
   
Category of "Viruses". There is no need for a Windows app to run stealthily if it is not a service. And it is determined via link table in the executable.
Jan Heckman 15-Sep-21 12:01pm
   
There is no issue of stealthiness involved at all; I cannot see how you got that impression.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


