Debug in Xojo 2014 1.1 shows virus

When I try to debug my program and others in Xojo 2014 1.1 on Windows Norton shows this virus: SONAR.Heuristic.120 and shuts it down?

Anyone else seen this?

From time to time the anti-virus vendors get things wrong and this sure looks like one
Over the years they’ve even messed up the virus definitions to identify the IDE itself as a virus

You will need to configure Norton to ignore the debug apps you’re running somehow

I hit the same thing
you can tell Norton which folders to ignore when SONAR is doing its stuff

I had similar problem years ago.
The code I had for AES encryption was part of the signature for a virus. I changed code a little bit and plugin was okay.

I had an alert from Intego Virus Barrier on Mac yesterday from a very simple test project.

Antiviruses base their alerts on strings found in the executables. They do report false positive once in a while.

I think I successfully got around this by doing the following:

Launch Norton Security Suite
Click on the Settings tab at the top
Click on Antivirus icon
Click on the Scans and Risks tab
Click on +Configure on the line that says "Items to Exclude from Auto-Protect, SONAR and download intelligence Detection.
Click on the Add button.
Select Add - Folders and add the Xojo folder in the C:\Program_Files(x86)\Xojo folder and your folder with your Xojo projects.
Select Apply and make the changes permanent

If that doesn’t do it, also go to the Antivirus icon / Automatic Protection tab and turn off Sonar Protection or at least set Remove Risks Automatically to “Ask me.”

Hope that helps.

You guys must create a sample, guaranteed not infect by anything, capable to show the false positive and submit it for the anti-virus vendor as a false positive and they will enhance their detection signature algorithms and remove this false positive (or they will tell you that you really have an infected machine).

For Norton, do it here:

Funny thing is we do this periodically and they change things and heuristics get messed up again.
We resubmit and it gets fixed for a bit.
Or one of our users complains to them and it get fixed.
And they come out with a new version & it breaks again.
Anti virus is a tread mill for users & us that just pays Norton & everyone else in that business lots of money to try & keep up.

Probably your final code changes a bit from edition to edition breaking what they used to isolate the difference from a legit code from some known malware code. The compiler market will have this issue forever.

That always shows that in Norton 360 for me when I install a new version of Xojo. That is part of the Heuristic scan, not an actual virus signature. Just add the top level Xojo folder to the trusted programs under SETTINGS / Antivirus / Scans and Risks / Items to exclude from Auto-protect, SONAR and Download Intellegence. Click on the Configure + link and add the top level Xojo folder.

Added: Nevermind I see someone else posted the same info earlier.

Our code guaranteed change from version to version - we fix things & improve things :stuck_out_tongue:

Yep. I know it and you probably know that I know it. :stuck_out_tongue: But you don’t touch the entire code, it’s possible to change 10000 lines of code in a app with 100000 lines and not triggering a new false alert. But sometimes you can change 10 and do it, just because you unintentionally inserted a similar malware signature or removed an exception distinction they used to classify your software as safe.

[quote=88824:@John Scanlan]When I try to debug my program and others in Xojo 2014 1.1 on Windows Norton shows this virus: SONAR.Heuristic.120 and shuts it down?

Anyone else seen this?[/quote]

Yes; I periodically have to turn off SONAR for a short while when I debug. Interestingly, the main, large project I’m working on doesn’t trigger it, but sometimes, a trivial little project I whip to test something up will. I guess this is just an example of what Rick was talking about…

I been using xojo 3.3 for my desktop apps. That cured the SONAR issue.

I know, it’s not a good solution.

I have been using F-Secure for years on Windows without the mess Norton is generating. No false positive, yet these people are extremely responsive.

On Mac, F-Secure is no good, but I appreciate Intego.