Trend Micro Blocking Debugger

I have a program I’ve been developing for a client whose executable file is named PPMtool.exe. Randomly (but more of late than before), when I “Run” the program from the IDE, I get a message from my Trend Micro anti-virus protection that the program “debugppmtool.exe” is ‘ransomware’ and it blocks it. It takes me more than the normal single click to bypass that warning, in that, the option to “allow” it is not even given at first. I don’t recall getting this until somewhat recently.

Any of you have the same experience or could shed some light on the matter? I’m guessing one of the Trend Micro updates may have ratcheted things down too tight, but I really have no idea as to what the actual reason is.

Perhaps the EXE name you are using is the same as a previously known bit of Ransomware that TM has listed in its database?

Interesting theory, Dave … never thought of that. I’ll go out to the Trend Micro site and check it out.

Or simply change the application name to a far more known name (temporarily) like Geography (for example), create the application and run it. If there is no more occurrence of PPMtool in it and you don’t get a false positive, you know what to do (give it your new application name). :wink:

Thanks, Emile … If it burped every time I tried running the program, I’d try that in a heartbeat. But the problem is, it only does it “sometimes”. I’m afraid that if the app worked under a new name that it might only temporarily do so and not definitively prove the point. Having said that, so far I have not had the same error message for any other application I “run” in the IDE (which does make one think it’s app name dependent). So, next time it burps at me, I will try immediately changing the name to see what happens. If it fails immediately again, then I’ll know it’s not the name “ppmtool” … if it doesn’t fail, it doesn’t conclusively tell me anything since it may well fail next time I try it.

Well, it was a good idea but just got done checking with Trend Micro … unfortunately, no such named file (or anything really close to it) shows up in their database. :frowning:

I wanted to tell you to think about what in your application can be considered “bad” (like what a virus can do), but what does a virus do? Access the mass storage device? Access the internet? Rename files?
(Like everybody here, I do the first two intensively in my application)…

Thanks again, Emile. I took your thought and remembered that I had another app I wrote that I used to copy and paste all the code involving internet connection and MSSQL database access (the only two things I can think of that might be “bad boys”) to create this new app. Remembering that, I went back and resurrected that Xojo file and ran it over 20 times consecutively in the IDE to try and see if it too would get blocked … it didn’t (at least “so far”). Again, that doesn’t say it “wouldn’t” get blocked if I tried it 20 more times though.

Add the offending file to the whitelist

Thank you, Langue … I’ll do that right now. To stop the error messages, I just got done adding it to my “local” machine’s Trend Micro whitelist (telling it to “allow” and not “block” the program) as well