Jump to content



Photo

Getting Tired Of Asking Clients To Turn Off Their Av Or Use Vmware!

anti virus false negative

  • Please log in to reply
3 replies to this topic

#1 stuna

stuna

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 156 posts
  • OS:Windows 10
  • Total Memory:8Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 03 December 2017 - 10:10 PM

As the title says.. No easy fix insight.!! This looks like  only a ubot problem.. It is pushing me away from making and marketing new bots using ubot.. I have submitted my bots to AV companies! That did not thing! Anyone else frustrated with this? :( The more I sell the more chargebacks I have to deal with because of this ONE one this reason!!! Some people do not care about the reasons for "false negatives" !!



#2 bestmacros

bestmacros

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 345 posts
  • LocationIsrael
  • OS:Windows 10
  • Total Memory:More Than 9Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 04 December 2017 - 12:08 AM

you can't do anything about it - your bot will trigger false positives no matter what.

I would recommend to state in your product description that the customer will need to disable or white-list the software to be able to use it.

it is useless to submit your bot to av companies - it will not really help.


bestmacros1.jpg


#3 LoWrIdErTJ - BotGuru

LoWrIdErTJ - BotGuru

    Botguru.net

  • Moderators
  • 4553 posts
  • LocationMichigan
  • OS:Windows 10
  • Total Memory:8Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 04 December 2017 - 02:00 PM

I have to say you will always run into this issue, however with response to submitting to AV companies it does help, but have to keep in mind the following.

 

Just because you submit it once doesn't stop it entirely.

First after submission and they accept it.  You have to wait till theire next update release from the AV for it to take effect user side.

Also if you repackage the exe (compile a new version) you must then submit it as well and again wait for them to push an update to the client AV

 

I have made a small helper source code for a few major AV companies.

 

See attached file



#4 entroqy

entroqy

    Advanced Member

  • Members
  • PipPipPip
  • 39 posts
  • OS:Windows 8
  • Total Memory:More Than 9Gb
  • Framework:v4.0
  • License:Developer Edition

Posted 05 December 2017 - 05:11 AM

> This looks like  only a ubot problem..

not so. This happens with a lot of unsigned software, not just ubot. 

Some AV products  are lazy and will trigger warnings anytime they see unsigned software. Usually false positives are caused by finding a match in the software to a malware signature.  I suspect that just using certain packers will trigger alerts too, just because some ahole malware product used it as well.

 

If you submit your exe/file to virustotal.com they will run it through a bunch of AV products and give you the results.  You can then submit a false positive report for any alerts. Some AV companies are quick to respond, some not so much and good luck finding out how to do this for some the more obscure ones.

Microsoft is usually pretty good but you may get different alerts from different versions e.g. w10 says all ok, while some w7 simply deletes the install.







Also tagged with one or more of these keywords: anti virus, false negative

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users