Recent

Author Topic: How to get along with the Windows Defender  (Read 3071 times)

ariben

  • New Member
  • *
  • Posts: 38
How to get along with the Windows Defender
« on: March 15, 2024, 08:20:49 am »
Dear all,

I have written some app. which retrieves text data from SQLite table. The compiled binary size is over 30MB so I stripped the binary with "strip.exe --strip-all". That made my binary around 5MB then I handed this out to my more than 30 colleagues.

But in SOME cases, the Windows Defender misunderstands this as a Trojan type malware and deletes soon after being copied to the local drive raising the warning attached.

It's OK if I use the "-g" option to the strip.exe but the size of that becomes 8MB and the biggest RAW exe also runs normally.

First of all, I'm not happy very much why my app. regarded as a malware. And I have no idea why that doesn't take place on all of the machines although the environments are seemingly the same.

Could anyone let me know how to circumvent this issue?

The environment are as follows,
Windows 10 Enterprise LTSC ver. 1809 build 177631697 on DaaS cloud
Intel Xeon 5220@2.2GHz x 2
RAM 8GB
« Last Edit: March 16, 2024, 12:43:18 am by ariben »

rvk

  • Hero Member
  • *****
  • Posts: 6194
Re: How to fu*k the Windows Defender
« Reply #1 on: March 15, 2024, 09:10:38 am »
Could anyone let me know how to circumvent this issue?
Maybe you can build the release directly without any debugging info so you don't need to use strip.exe.

If that doesn't work... report the executable as false positive to Microsoft.
https://www.microsoft.com/en-us/wdsi/filesubmission

And I have no idea why that doesn't take place on all of the machines although the environments are seemingly the same.
Could be that they are at different level of patch or different virus-definition files.

Leledumbo

  • Hero Member
  • *****
  • Posts: 8760
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: How to fu*k the Windows Defender
« Reply #2 on: March 15, 2024, 09:22:48 am »
Antivirus uses the so called heuristic approach, and unfortunately, sometimes the signature of FPC produced executables matches them. It really is a false positive, and must be solved from the antivirus vendor side.

RayoGlauco

  • Full Member
  • ***
  • Posts: 182
  • Beers: 1567
Re: How to fu*k the Windows Defender
« Reply #3 on: March 15, 2024, 10:00:15 am »
I'm pretty sure that if you compile without including debugging information, you'll get a smaller executable with no antivirus issues.
« Last Edit: March 15, 2024, 10:03:20 am by RayoGlauco »
To err is human, but to really mess things up, you need a computer.

ariben

  • New Member
  • *
  • Posts: 38
Re: How to fu*k the Windows Defender
« Reply #4 on: March 15, 2024, 11:59:33 am »
Thank you all,

I managed to build a new binary without any excess informations. It has around 5MB almost as same in size as the one I previously stripped.

I'll check this one on Monday. I hope this passes the test...
« Last Edit: March 15, 2024, 12:07:55 pm by ariben »

Joanna

  • Hero Member
  • *****
  • Posts: 805
Re: How to fu*k the Windows Defender
« Reply #5 on: March 15, 2024, 01:53:39 pm »
Why is it necessary to use a poorly disguised vulgar cuss word when asking a question? That’s really disrespectful Of this forum in my opinion.
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

Nitorami

  • Hero Member
  • *****
  • Posts: 505
Re: How to fu*k the Windows Defender
« Reply #6 on: March 15, 2024, 02:13:04 pm »
I have the same issue with a Python program written by a colleague. This is a universal issue that has nothing to do with Lazarus. The f*ing defender (and yes, I find this the adequate expression and in no way disrespectful) chooses to delete the program willy nilly, sometimes at download, sometimes after weeks in operation. Not on all machines, though, this looks completely random, which appears to be the infamous "heuristics".

domasz

  • Sr. Member
  • ****
  • Posts: 443
Re: How to fu*k the Windows Defender
« Reply #7 on: March 15, 2024, 08:14:29 pm »
Install a better AV (like Avast or Bitdefender) and stop using Windows Defender and your programs won't get deleted.

rvk

  • Hero Member
  • *****
  • Posts: 6194
Re: How to fu*k the Windows Defender
« Reply #8 on: March 15, 2024, 08:20:04 pm »
Install a better AV (like Avast or Bitdefender) and stop using Windows Defender and your programs won't get deleted.
Haha... Really... You think Avast is problem free  ;D

ariben

  • New Member
  • *
  • Posts: 38
Re: How to fu*k the Windows Defender
« Reply #9 on: March 15, 2024, 09:51:52 pm »
Dear all,

I'm truly sorry that the title of the post is inappropriate. But I'm so fed up with this issue.
That is all. I should have known better. Especially about the PC.

Regards
« Last Edit: March 15, 2024, 09:55:35 pm by ariben »

Joanna

  • Hero Member
  • *****
  • Posts: 805
the Windows Defender
« Reply #10 on: March 15, 2024, 11:13:15 pm »
Dear all,

I'm truly sorry that the title of the post is inappropriate. But I'm so fed up with this issue.
That is all. I should have known better. Especially about the PC.

Regards
If you are sorry fix it.
« Last Edit: March 16, 2024, 03:03:42 pm by Joanna »
✨ 🙋🏻‍♀️ More Pascal enthusiasts are needed on IRC .. https://libera.chat/guides/ IRC.LIBERA.CHAT  Ports [6667 plaintext ] or [6697 secure] channel #fpc  Please private Message me if you have any questions or need assistance. 💁🏻‍♀️

BrassGear

  • New Member
  • *
  • Posts: 15
  • Game Developer
    • My pascal game on itch.io
Re: How to fu*k the Windows Defender
« Reply #11 on: April 18, 2024, 01:24:31 pm »
Why is it necessary to use a poorly disguised vulgar cuss word when asking a question?

That is unfortunately how it often feels to deal with modern windows. :(

There's some good advice in this thread, thanks.

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11519
  • FPC developer.
Re: How to fu*k the Windows Defender
« Reply #12 on: April 18, 2024, 01:57:34 pm »
Antivirus uses the so called heuristic approach, and unfortunately, sometimes the signature of FPC produced executables matches them. It really is a false positive, and must be solved from the antivirus vendor side.

More likely it is the other way around, everything it doesn't know is suspect.

BrassGear

  • New Member
  • *
  • Posts: 15
  • Game Developer
    • My pascal game on itch.io
Re: How to fu*k the Windows Defender
« Reply #13 on: April 18, 2024, 03:24:10 pm »
(image)

Would enabling the option to strip symbols from the executable (-Xs on that screen) also be likely to cause the heuristics to trip, or is the strip option in the original post something different?

 

TinyPortal © 2005-2018