Jump to content



Photo

Getting Tired Of Asking Clients To Turn Off Their Av Or Use Vmware!

anti virus false negative

  • Please log in to reply
5 replies to this topic

#1 stuna

stuna

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 179 posts
  • OS:Windows 10
  • Total Memory:8Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 03 December 2017 - 10:10 PM

As the title says.. No easy fix insight.!! This looks like  only a ubot problem.. It is pushing me away from making and marketing new bots using ubot.. I have submitted my bots to AV companies! That did not thing! Anyone else frustrated with this? :( The more I sell the more chargebacks I have to deal with because of this ONE one this reason!!! Some people do not care about the reasons for "false negatives" !!


kax6Sl.jpg
OR CLICK THE ABOVE BANNER

#2 bestmacros

bestmacros

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 361 posts
  • LocationIsrael
  • OS:Windows 10
  • Total Memory:More Than 9Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 04 December 2017 - 12:08 AM

you can't do anything about it - your bot will trigger false positives no matter what.

I would recommend to state in your product description that the customer will need to disable or white-list the software to be able to use it.

it is useless to submit your bot to av companies - it will not really help.


bestmacros1.jpg


#3 LoWrIdErTJ - BotGuru

LoWrIdErTJ - BotGuru

    Botguru.net

  • Moderators
  • 4596 posts
  • LocationMichigan
  • OS:Windows 10
  • Total Memory:8Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 04 December 2017 - 02:00 PM

I have to say you will always run into this issue, however with response to submitting to AV companies it does help, but have to keep in mind the following.

 

Just because you submit it once doesn't stop it entirely.

First after submission and they accept it.  You have to wait till theire next update release from the AV for it to take effect user side.

Also if you repackage the exe (compile a new version) you must then submit it as well and again wait for them to push an update to the client AV

 

I have made a small helper source code for a few major AV companies.

 

See attached file


Web Automation Bots, and Ubot Plugins @ BotGuru.net Want a Custom bot? click here or Email me

ForumBanner.png

21 PLUGINS ABSOLUTELY FREE 100s for commands and functions
 


#4 entroqy

entroqy

    Advanced Member

  • Members
  • PipPipPip
  • 39 posts
  • OS:Windows 8
  • Total Memory:More Than 9Gb
  • Framework:v4.0
  • License:Developer Edition

Posted 05 December 2017 - 05:11 AM

> This looks like  only a ubot problem..

not so. This happens with a lot of unsigned software, not just ubot. 

Some AV products  are lazy and will trigger warnings anytime they see unsigned software. Usually false positives are caused by finding a match in the software to a malware signature.  I suspect that just using certain packers will trigger alerts too, just because some ahole malware product used it as well.

 

If you submit your exe/file to virustotal.com they will run it through a bunch of AV products and give you the results.  You can then submit a false positive report for any alerts. Some AV companies are quick to respond, some not so much and good luck finding out how to do this for some the more obscure ones.

Microsoft is usually pretty good but you may get different alerts from different versions e.g. w10 says all ok, while some w7 simply deletes the install.



#5 stuna

stuna

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 179 posts
  • OS:Windows 10
  • Total Memory:8Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 15 December 2017 - 01:11 PM

Thanks for the tips guys.


kax6Sl.jpg
OR CLICK THE ABOVE BANNER

#6 consultingad

consultingad

    Advanced Member

  • Fellow UBotter
  • PipPipPip
  • 83 posts
  • OS:Windows Server 2012
  • Total Memory:More Than 9Gb
  • Framework:v4.5+, unsure
  • License:Developer Edition

Posted 16 December 2017 - 12:44 PM

 

I have to say you will always run into this issue, however with response to submitting to AV companies it does help, but have to keep in mind the following.
 
Just because you submit it once doesn't stop it entirely.
First after submission and they accept it.  You have to wait till theire next update release from the AV for it to take effect user side.
Also if you repackage the exe (compile a new version) you must then submit it as well and again wait for them to push an update to the client AV
 
I have made a small helper source code for a few major AV companies.
 
See attached file

 





Also tagged with one or more of these keywords: anti virus, false negative

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users