False Positive Issues
BlitzPlus Forums/BlitzPlus Programming/False Positive Issues
| ||
BlitzPlus executables are triggering false positives in many virus engines. At first I thought UPX was to blame, however a plain BlitzPlus exe is also triggering them. For example, I compiled the 'vsync_test.bb' demo in the Mak samples folder and sent it to virustotal... http://www.virustotal.com/file-scan/report.html?id=734818b2107010ce2d3a7b7b6ad5d2e8c0aadbbb9b1a22b9066eac666c4e9bdf-1284009424 I'm getting a 19% result with my own code. Is it possible to fix this issue without a compiler modification? It's seriously starting to piss me off. |
| ||
It is not being flagged by any legitimate AV programs (although f-prot was great in the DOS days). The problem is likely due to B+ not producing true compiled EXEs and the flagging has to do with the way the runtime(s) is/are being attached to the EXE which can be "questionable" to some scanners. |
| ||
Unfortunately my code is getting flagged by Symantec according to the US EPA, and is triggering more engines than the example exe above... http://www.virustotal.com/file-scan/report.html?id=1e026263d99467b709e608865dadc454168b06683a39a26b3f7f9f8111685acb-1284006948 It seems to vary to some degree depending on the code compiled. I can stop it by wrapping the exe therefore masking the 'footprint', but I'm not happy doing that at all. |
| ||
It seems to vary to some degree depending on the code compiled. I am not sure if Mark includes everything in one big runtime, or if there are runtimes for the core, then for freeimage, fmod, etc. This "could" account for more results for more code.The best you can do is submit your compiled EXE that is giving you problems to the makers of the AV programs who are flagging it. |
| ||
I'm not sure, I always thought Blitz3D/Plus exes included everything, even for functions that are not used. Similar to how BlitzMax behaves without a framework. Submitting the exe is an option, but it's a lot of extra work everytime I update the application. Any advice from BRL on how I can help prevent the issue would be much appreciated if possible. |
| ||
You should only need to submit the program once. Future updates to the program should not affect it, if they fix the problem with false positives. |
| ||
All I know is that icluding every function costs about 500 KB. I also think I've read somewhere in the docs or in the FAQ that every function is included, no matter if you use it or not. |
| ||
Yeah, even my program has had many false positive issues. Even a full recompile doesn't completely eliminate them. http://www.virustotal.com/file-scan/report.html?id=cd0840dded96566f0e89b31fdcad1d8737f99a420c3ad906fb53be63d0013568-1293577869 and http://virusscan.jotti.org/en-gb/scanresult/ecfb2d739c571dbfd3cb0994abd95eb5c6f659ce Between those 2 online scanners, 3 false positives. |