Kaspersky sending me broke

A few months ago customers started reporting getting a message from their Kaspersky antivirus: PDM: Trojan.win32.Genericobject type: malware before the Windows program setup file was quarantined.
It is a simple XOJO program wrapped in an Inno setup. No other antivirus program reports anything.
Now Kaspersky deletes my program setup before it even runs. Naturally it has caused panic among my customers and they have vented their frustrations on social networks causing me further grief.
Why? Because apparently all you have to do to derail your opposition is to continually report their program to Kaspersky as causing some sort of mischief to your computer and they will add it to the blacklist.
Obviously this company stands out for its poor reputation for false positives and has even been accused of creating them deliberately.

If you turn off “heuristic analysis” does it still report a trojan?

What version of Xojo / RealBasic are you using?
Older versions which generated ‘one file’ exes could look suspicious to some heuristic algorithms.
One reason why they dropped the single file exe method…

Is your installer codesigned?

It’s not a widespread problem with Xojo apps per se, or some of the rest of us would be seeing this.
Even Avast seems to have shut up about my stuff (or people have stopped telling me)

First of all you can contact Kaspersky to remove it from their false positives list (or even add it to their whitelist so it won’t make any problems in the future). I once worked with another AV company and I know that most of them take this really seriously. Complaining on the forums how bad an AV company is won’t help.

What you can also do is to check your programs on http://virustotal.com. There you can analyze files in all common AV programs and see if they are recognized as false positives. This gives you the opportunity to regularly check your binaries before you deliver them to your customers.
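An added example, not part of the original posts: a pre-release check that hashes an installer and lists which engines flag it in a VirusTotal report, so you know which vendors to send a false-positive report to. It assumes the VirusTotal API v3 file-report layout (`data.attributes.last_analysis_results`); the sample report, engine names and detection labels are constructed, and `release_gate` is a hypothetical helper name.

```python
import hashlib

# Verdict categories that count as a detection in a v3 file report.
FLAGGED = {"malicious", "suspicious"}

def sha256_of(path, chunk=1 << 20):
    """Hash the installer locally; the hash is the lookup key for a report."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def flagged_engines(report):
    """Return sorted (engine, label) pairs for engines that flag the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return sorted(
        (name, r.get("result") or "")
        for name, r in results.items()
        if r.get("category") in FLAGGED
    )

def release_gate(report, max_flags=0):
    """Pass only if at most max_flags engines flag the build."""
    hits = flagged_engines(report)
    return len(hits) <= max_flags, hits

# Constructed sample report: engine names and labels are made up.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "malicious", "result": "Constructed.Generic.FP"},
    "EngineC": {"category": "type-unsupported", "result": None},
    "EngineD": {"category": "suspicious", "result": "Constructed.Heur.Packed"},
    "EngineE": {"category": "timeout", "result": None},
}}}}

if __name__ == "__main__":
    ok, hits = release_gate(SAMPLE_REPORT)
    print("release OK" if ok else "hold release, report false positives to:")
    for engine, label in hits:
        print(f"  {engine}: {label}")
```

Engines that timed out or do not support the file type are not counted as detections, so a clean result here only means no engine in the report flagged the file.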

Good tip! Thanks. This time it’s Norton who is recognizing our apps (mix of RB and Xojo apps) as false positives. The only real solution so far we’ve found is excluding our folder and subfolders but it is a nuisance and not all clients are happy they have to add this rule.

Tell the customer he won’t need anti-virus. Windows 10 has it built in and Mac doesn’t need such.

I know! But it is very hard to let them understand. Even on Windows 7, using Windows Defender is in most cases more than enough. Those virus scanners (the cure) are sometimes worse than the disease.

It is becoming increasingly apparent that social engineering phishing is way more dangerous than viruses.

That said, all so often the viral danger is directly related to unspecified origin programs. Someone who never runs pirated programs will probably never need worrying much about these nuisances.

In the end, though, I don’t see myself explaining to customers that anti-viruses are often a worse plague than what they claim to alleviate.

I appreciate Natascha’s guidelines. If indeed AV companies are serious about avoiding false positives, contacting them is probably the best way.

Every single anti-virus is completely useless. Virustotal is a site you can make use of in a good way.
Tell the customer it’s cheaper, faster, better updated and for sure less head problems for them. Especially in windows.

Convince the customer it’s his problem and he will solve it by himself. It’s simply out of your control, because virus scanners detect certain functions thus the probability of the problem (false positive) coming back will be there forever.

Perhaps he can give your app exclusive policy but don’t expect the problem to be gone forever.

@Derk Jochems I have been in AV business for a period and disagree on both parts of your statement. Yes, sometimes you get hit by a false positive, but all serious AV security companies fix that within a day for you if you provide the sample being put in quarantine. Believe me, without protection there is a chance to get infected by a trojan, worm or whatever, without even notifying it while it does its work and infects others. So please, don’t advise others not to use AV/internet protection as an undeniable truth.

OMG, I really, really hope you were kidding here.

Don’t forget that OS X recently had its first Ransomware, with more to follow I’m certain.

Apple seems to be taking security very seriously, sadly at the expense of functionality.

Has anyone noticed that Craig (the OP) has not actually responded to any of these posts?

What does it mean after 1 day and at the weekend? :wink:

Fair. Maybe nothing. :slight_smile:

Seriously MS has made a really decent anti-virus in Windows 8 and 10. If you know what you install, there is no worry of viruses.
When you have a 3rd party anti-virus, the Windows Defender turns off. And that’s when Windows isn’t Windows anymore.

Again, Windows has it built in and there is no need for a replacement. Perhaps enterprises could use it for an intranet but that’s about it. I’m saying there is no need for it because it’s already there. Windows doesn’t make false positives and checks the source itself before it’s installed and after.

Sure, Windows Defender is rather good about viruses and can indeed suffice. But it does not have all the bells and whistles of third party antiviruses. What we find so annoying which is application vetting is actually an interesting feature when unknown programs are concerned. Plus most antiviruses offer email scanning and other protections that Defender does not.

I find it kind of paradoxical that a software professional be so bent against, after all, developer colleagues. Just as surprising as the opposition sometimes fierce against commercial third party tools.

Indeed, some AV publishers are not very gracious, but that is no reason to throw the baby with the bath water.

A developer has a support requirement in certain countries. If the AV software is the problem, the customer should simply be notified it’s the AV software and not the software of the topic starter. It’s that simple.

If the customer wants his problem be gone, then he should stop using software that is bothering other software for no reason. That’s what 3rd party AV does and will always do.

[quote=254328:@Derk Jochems]A developer has a support requirement in certain countries. If the AV software is the problem, the customer should simply be notified it’s the AV software and not the software of the topic starter. It’s that simple.

If the customer wants his problem be gone, then he should stop using software that is bothering other software for no reason. That’s what 3rd party AV does and will always do.[/quote]

So software from famous publishers, that is widely recommended by numerous hardware manufacturers, should be removed because a small developer somewhere says so? Come on…