Click here to Skip to main content
15,879,326 members
Search within:


How do I find out why MS defender finds a virus signature in my compiled exe
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
C++
anti-virus
Twice in a short time I got a false alarm, which costs me (down)time.
Once I could deduce that a dropbox link (containing the string eqh9vf7y23mta2w) was the cause, in the other case I have no idea at all. The threats were deemed severe, so the compiled programs simply disappeared, not, though, before being executed several times.

This can pop up on you at any time by any (imo stupid or at least complacently superficial) 'security intelligence' update, so it would help greatly to be able to pinpoint the offending bytes to try change them either as data or through a minimal program change.
Off course I gave feedback, but that doesn't help a lot, and certainly not quickly.

I would highly wellcome advice in this.
Thanks,
Jan

What I have tried:

Feedback and lucky deduction by a macro defined variation, where only 1 out of 3 was tagged as a virus.
Posted
Updated 14-Sep-21 12:26pm
Add a Solution
Comments
Richard MacCutchan 14-Sep-21 7:47am    
You need to ask Microsoft.
Rick York 14-Sep-21 12:56pm    
There is a good probability that there is nothing you can do to your program that would make any difference to this issue. Your best bet might be to add the programs that were deleted to a "white list."
Jan Heckman 15-Sep-21 3:43am    
I have been able to change one of the programs in question, and quite trivially, to avoid virus branding; it is just hard to find where to do this.

2 solutions

We can't say, and wouldn't if we could - and probably MS won;t either, as that could help virus writers to bypass the checks.

However if you talk to them, they may be able to accept a sample project and EXE file from you and do more advanced checking on it to avoid such false positives in future.
You'll need to talk to them yourself though - I have no idea who would be the best person to talk to - start with tech support and see how far you get.

Or change your code to produce a different EXE.
 
Share this answer
 
Posted
Some windowless apps, which are not services, are thrown into this category. Quiet easy to determine: Has WinMain entry but does not have CreateWindow() calls.
 
Share this answer
 
Posted
Comments
Jan Heckman 15-Sep-21 3:45am    
What 'category' do you mean? Just as an aside, the programs are C++ console apps compiled and linked with VS 2022 preview.
steveb 15-Sep-21 8:41am    
Category of "Viruses". There is no need for a Windows app to run stealthily if it is not a service. And it is determined via link table in the executable
Jan Heckman 15-Sep-21 12:01pm    
there is no issue of stealthiness involved at all; I cannot see how you got that impression.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Find id of cstatic in a derived class
Not finding C++ standard headers
Find me the solution
Why class filestream is considered as a trojan virus? What to do?
Is there any way to find a complete and up-to-date virus and spyware signatures and information?
C++ finding positions of regex in string
Find (tortoise)git SSH key problem
Where can I find MD5 Virus Checksums?
What type of signatures reconize viruses?
Signature: generated signature does not match submitted signature

Advertise
Privacy
Cookies
Terms of Use
Last Updated 14 Sep 2021
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900