Virus alerts on a fresh Windows binary

Thaddy:
Can you send me the source code of the false positive, so I can analyse it?
(It was part of my job when I still worked, I am CEH certified)
I have tried to reproduce this, but even with educated guessing I cannot replicate the issue.
Usually it is the startup code again, though.
And yes, MS fixes real quick if that is the case again.

More in general: if an organisation does not have their software up to date it is their fault.
I never worry about that.

Okoba:
This is a sample!

--- Code: Pascal ---
program project1;
begin
  WriteLn('test');
  ReadLn;
end.

Built with Trunk version in a clean Windows 10 and 11.

Thaddy:
Nothing happens here, transferred the fresh binary to another Windows11/64 and nothing happens there. Strange. Note on both laptops, two meters apart, Windows Defender is fully up-to-date. Transfer was physical, USB stick and not SSH.

d7_2_laz:
I’d like to share my own experiences here. Approx. 4 months ago, one of my long existing progs (release mode, no debug info) was reported by Windows Defender as infected. I had changed the prog sometimes, but not in relevant parts.

First I restored the prog from a safe copy and tried with older versions too. No change; still an alert and the prog got removed.

(What I had not tested: how it behaves when running from another site.)

Then I tested via VirusTotal. Only one of the various engines here reported a virus, the others not. That appears to be normal.
To be able to continue to use the prog, I excluded it from the Defender checks.

Then I submitted to Microsoft, hoping for some consequence.
I never got a response – but after 8 days (had checked daily) I noticed that the virus alert was gone. No more problems since then. This happened only once.


Okoba:
@Thaddy what does VirusTotal say?
@d7_2_laz thank you. Do you know how long it took until other machines didn't warn users?
I tried submitting to Microsoft and they did fix it just now and asked me to clear the Defender cache, but it only works on my machine. If I move the exe to others, their machines warn and delete the exe.
