How to get along with the Windows Defender

ariben:
Dear all,

I have written an app which retrieves text data from an SQLite table. The compiled binary size is over 30MB, so I stripped the binary with "strip.exe --strip-all". That made my binary around 5MB, then I handed this out to more than 30 of my colleagues.

But in SOME cases, Windows Defender mistakes this for a Trojan-type malware and deletes it soon after it is copied to the local drive, raising the attached warning.

It's OK if I use the "-g" option to strip.exe, but the size then becomes 8MB, and the biggest RAW exe also runs normally.

First of all, I'm not very happy that my app is regarded as malware. And I have no idea why that doesn't take place on all of the machines, although the environments are seemingly the same.

Could anyone let me know how to circumvent this issue?

The environment is as follows:
Windows 10 Enterprise LTSC ver. 1809 build 177631697 on DaaS cloud
Intel Xeon 5220@2.2GHz x 2
RAM 8GB

rvk:

--- Quote from: ariben on March 15, 2024, 08:20:49 am ---Could anyone let me know how to circumvent this issue?

--- End quote ---
Maybe you can build the release directly without any debugging info so you don't need to use strip.exe.

If that doesn't work... report the executable as false positive to Microsoft.
https://www.microsoft.com/en-us/wdsi/filesubmission


--- Quote from: ariben on March 15, 2024, 08:20:49 am ---And I have no idea why that doesn't take place on all of the machines although the environments are seemingly the same.
--- End quote ---
Could be that they are at different patch levels or have different virus-definition files.
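
One way to check the explanation above (different patch levels or definition files) is to collect the same facts on an affected and an unaffected machine and compare them. The PowerShell below is an added example, not part of the original thread; `$ExePath` and its default value are placeholders to be replaced with the real location of the copied binary.

```powershell
# Added example: run on each machine, then compare the JSON output.
param(
    [string]$ExePath = 'C:\Temp\myapp.exe'   # hypothetical path, replace it
)

$status = Get-MpComputerStatus
$os     = Get-CimInstance -ClassName Win32_OperatingSystem

# Hash the file only if Defender has not already removed it.
$hash = if (Test-Path -LiteralPath $ExePath) {
    (Get-FileHash -LiteralPath $ExePath -Algorithm SHA256).Hash
} else {
    'file not present (possibly quarantined)'
}

# Detections whose resource list mentions the binary's file name,
# resolved to the threat name Defender assigned.
$leaf = Split-Path -Path $ExePath -Leaf
$detections = Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -like "*$leaf*" } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time       = $_.InitialDetectionTime
            ThreatName = $threat.ThreatName
            Resources  = $_.Resources -join ';'
        }
    }

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OSVersion        = $os.Version
    EngineVersion    = $status.AMEngineVersion
    PlatformVersion  = $status.AMProductVersion
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    FileSha256       = $hash
    Detections       = @($detections)
} | ConvertTo-Json -Depth 4
```

Identical `FileSha256` values with differing `SignatureVersion` or `EngineVersion` between machines would support the different-definitions explanation.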

Leledumbo:
Antivirus uses the so-called heuristic approach, and unfortunately, sometimes the signature of FPC-produced executables matches them. It really is a false positive, and must be solved from the antivirus vendor side.

RayoGlauco:
I'm pretty sure that if you compile without including debugging information, you'll get a smaller executable with no antivirus issues.

ariben:
Thank you all,

I managed to build a new binary without any excess information. It is around 5MB, almost the same size as the one I previously stripped.

I'll check this one on Monday. I hope this passes the test...
