Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Travis Siegel via fpc-pascal]

How it's done in FPC I don't know, but in other language tools I use, it 
requires a resource file with spefic information in it.  I can never 
remember all the details, so I have to keep a template resource file 
around with the required information in it, and change it for each 
program  work on.


In general I don't bother with the resource file during testing, but 
when I release a full version, I apply the resource file to the 
executable, and that usually takes care of the issue.


I've also noticed that if you have any timing routines in your code, it 
tends to get flagged by virus scanners.  No clue why, but I've run afoul 
of that issue more than once.


On 2/12/2021 4:49 PM, James Richters via fpc-pascal wrote:


How does one sign an executable?

*From:*fpc-pascal  *On Behalf 
Of *Dmitry Boyarintsev via fpc-pascal

*Sent:* Friday, February 12, 2021 4:28 PM
*To:* FPC-Pascal users discussions 
*Cc:* Dmitry Boyarintsev 
*Subject:* Re: [fpc-pascal] Windows Defender considers fp.exe a 
malicious program


Are signed executables subject to anti-virus inspection?


___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Martin Frb via fpc-pascal]

On 12/02/2021 22:48, James Richters via fpc-pascal wrote:

I have no idea how to register a legitimate program as not having a virus.  
I've had this issue before but managed to track down the section of code that 
caused it... after a completely exhaustive search.

Anti virus providers normally have page where you can submit false 
positives.


For windows defender it seems to be here. (unlike most other AV 
companies, you need to sign in)

https://www.microsoft.com/en-us/wdsi/filesubmission

Of course that needs the exe to be detected (well I don't know if AV 
companies accept submissions that are not detected). If you release 
today, your exe can still be detected as avirus in a few month. Once it 
is detected, you can submit it.


That may not solve the issue for self build fp.exe .
If the AV whitelists the exact exe, it will fail the next time you 
build, because fpc includes a timestamp (afaik)

___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[James Richters via fpc-pascal]

How does one sign an executable?
 
From: fpc-pascal  On Behalf Of Dmitry 
Boyarintsev via fpc-pascal
Sent: Friday, February 12, 2021 4:28 PM
To: FPC-Pascal users discussions 
Cc: Dmitry Boyarintsev 
Subject: Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program
 
Are signed executables subject to anti-virus inspection?
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[James Richters via fpc-pascal]

The problem I have had is when programs I compile generate a false virus 
detection.. sure on my own computer I can just disable that directory from the 
virus scanner but it becomes a problem when I release it to my customers and 
their virus scanners quarantine it.   I have no idea how to register a 
legitimate program as not having a virus.  I've had this issue before but 
managed to track down the section of code that caused it... after a completely 
exhaustive search.

James


-Original Message-
From: fpc-pascal  On Behalf Of Graeme 
Geldenhuys via fpc-pascal
Sent: Friday, February 12, 2021 1:16 PM
To: fpc-pascal@lists.freepascal.org
Cc: Graeme Geldenhuys 
Subject: Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

On 12/02/2021 4:17 pm, Bart via fpc-pascal wrote:
> I exclude the folders where fpc/lazarus reside from scanning.
> Also the folders where I develop my programs.
> If you don't you're bound to get strange bugs and thing like this.

Yes, that's a very good idea. We do the same at work for our Java, iOS and 
Android projects. Those projects generate 1000's of files while compiling etc. 
We know they don't contain viruses, so why let the virus scanner scan then. On 
Android machines it made a massive difference for compile speed too.

Regards,
  Graeme

--
fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal 
http://fpgui.sourceforge.net/

My public PGP key:  http://tinyurl.com/graeme-pgp 
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org 
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Dmitry Boyarintsev via fpc-pascal]

Are signed executables subject to anti-virus inspection?
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Graeme Geldenhuys via fpc-pascal]

On 12/02/2021 4:17 pm, Bart via fpc-pascal wrote:
> I exclude the folders where fpc/lazarus reside from scanning.
> Also the folders where I develop my programs.
> If you don't you're bound to get strange bugs and thing like this.

Yes, that's a very good idea. We do the same at work for our Java, iOS
and Android projects. Those projects generate 1000's of files while
compiling etc. We know they don't contain viruses, so why let the
virus scanner scan then. On Android machines it made a massive difference
for compile speed too.

Regards,
  Graeme

-- 
fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal
http://fpgui.sourceforge.net/

My public PGP key:  http://tinyurl.com/graeme-pgp
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Bart via fpc-pascal]

On Fri, Feb 12, 2021 at 9:10 AM Alexander Bunakov via fpc-pascal
 wrote:

> As of trunk r48648, Windows Defender deletes fp.exe after compilation
> because it considers it an infected file. It claims that fp.exe is
> infected with Trojan:Win32/Fuerboos.E!cl and quarantines the file.

I exclude the folders where fpc/lazarus reside from scanning.
Also the folders where I develop my programs.
If you don't you're bound to get strange bugs and thing like this.


-- 
Bart
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Winfried Bartnick via fpc-pascal]

Not only Windows Defender:

After a compiler  run sometimes BitDefender moans (seldom) that the 
binary is some malware.


Adding (or deleting) some code, another compiler run  and the phantom is 
gone.


The Anti-Virus programs use a heuristic because of the immense ammount 
of malware and virus.


It is no pattern matching anymore like in the "old days".

So the number of false positive alarm increases.

Example: After using 7 years the YajHFC (Yet another Java HylaFAX 
client) on our Windows clients


Bitdefender suddenly moant that it is malware: False positive.

Winni



Am 12.02.21 um 09:33 schrieb Alexander Grotewohl via fpc-pascal:
Unfortunately from what I've read just using certain Windows APIs is 
enough to get an executable flagged. Probably nothing to be too 
concerned about.


--
Alexander Grotewohl
https://dcclost.com 


*From:* fpc-pascal  on behalf 
of Alexander Bunakov via fpc-pascal 

*Sent:* Thursday, February 11, 2021 3:22:40 AM
*To:* fpc-pascal@lists.freepascal.org 
*Cc:* Alexander Bunakov 
*Subject:* [fpc-pascal] Windows Defender considers fp.exe a malicious 
program

Hello all,

As of trunk r48648, Windows Defender deletes fp.exe after compilation
because it considers it an infected file. It claims that fp.exe is
infected with Trojan:Win32/Fuerboos.E!cl and quarantines the file.

Anyone else is experiencing this? Any idea why is this happening?

--
Regards,
Alexander
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal 



___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Re: [fpc-pascal] Windows Defender considers fp.exe a malicious program

[Alexander Grotewohl via fpc-pascal]

Unfortunately from what I've read just using certain Windows APIs is enough to 
get an executable flagged. Probably nothing to be too concerned about.

--
Alexander Grotewohl
https://dcclost.com


From: fpc-pascal  on behalf of 
Alexander Bunakov via fpc-pascal 
Sent: Thursday, February 11, 2021 3:22:40 AM
To: fpc-pascal@lists.freepascal.org 
Cc: Alexander Bunakov 
Subject: [fpc-pascal] Windows Defender considers fp.exe a malicious program

Hello all,

As of trunk r48648, Windows Defender deletes fp.exe after compilation
because it considers it an infected file. It claims that fp.exe is
infected with Trojan:Win32/Fuerboos.E!cl and quarantines the file.

Anyone else is experiencing this? Any idea why is this happening?

--
Regards,
Alexander
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

[fpc-pascal] Windows Defender considers fp.exe a malicious program

[Alexander Bunakov via fpc-pascal]

Hello all,

As of trunk r48648, Windows Defender deletes fp.exe after compilation 
because it considers it an infected file. It claims that fp.exe is 
infected with Trojan:Win32/Fuerboos.E!cl and quarantines the file.


Anyone else is experiencing this? Any idea why is this happening?

--
Regards,
Alexander
___
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal