UBot Underground

Antivirus Experiment



Lately I have been aggravated about false positives. Don't get me wrong, my buyer base is pretty solid so I don't get many complaints, but it is always a sore spot for new buyers who do not yet know me.

 

So recently I have noticed that my AV fires when I manually open my target exe file, but if the same file is opened using a shell command, it doesn't trigger the AV.

 

So, for the next program I release I plan to make an exe using winautomation that does nothing more than run a shell command to open my actual target ubot program.

 

I don't pretend to understand why it is working this way for me or if it will work the same for others.

 

What I do know is that when you initially run any ubot exe, the exe checks to see if it has proper files from ubot's server while/before the program is loading.

 

This is clearly what causes the false positive on the various AV programs, but I have no clue why it only triggers AV when it is being loaded manually as opposed to being loaded via shell command.

 

Anyway it seems like a worthwhile test just to see if I get a lower volume of support requests regarding antivirus programs through the course of the launch.

 

If (and it is a big IF) this works, then it would effectively shut down the whole false positive issue.

 

I'll post the results here once it all plays out if anyone has interest in the final outcome.

Link to post

Are you using an installer for your software or just supplying program/program and license in a zip file?

 

I've done a ton of work with reducing false positives in .NET applications of mine; at one point I had VM images with every problematic AV to test.

Sadly some of the best gains won't be possible in ubot as you don't have app source, but there are several other types of errors you can get rid of, and from your post it sounds like you're experiencing these types.

 

Easiest way is to sign the app, but that may not be suitable for everyone.

 

There's no one size fits all, but if we start on delivery method and when you first see the AV error I can offer tips from there.

 

Thanks

kev123

Link to post

Hey Kev, thanks for the reply.

 

Yes, I use actualinstaller.... and I wasn't thinking about that when I made my post.

 

I expect that the installer will cause the AV to fire because it checks the user's .NET version and will open a webpage if the user doesn't have the right version. So basically it will do the same as ubot does as far as causing AV to trigger.

 

I'll keep thinking on this and see if I come up with any other suitable methods to try.

Link to post

I get little to no issues using inno installer. The only thing is low rep if the file is new with AVs such as Norton.

 

Edit - forgot to mention I altered the type of compression to achieve this.

Link to post