Windows app triggers AVG quarantine and threat alert for EvoGen


I built a simple timer app and the executable is flagged for EvoGen threat.

Xojo v 2022r1 compiled my app.

Is there some way to contact Avast/AVG about that false positive and have them tell their engine ?

Some AV are sometimes themselves harmful to a computer :disappointed:.

3 Likes

They have a function to send the file in for analysis. I used that function, and am also concerned for every other app that I compile with Xojo. Not sure if the alert is related to how the compiled executable calls the usage of Libs and/or other resources.

That’s the procedure. I know that they had false positives for EvoGen for VB6 apps. So it may be something related to BASIC like keywords in the binary exposed symbols + some coincidence of some signature.

1 Like

AVG used to drive me crazy with false positives. I’d submit the binary to be reviewed, the next signature database update would fix it, then a few months down the road the same app would be quarantined again for the same threat ID. This repeated ad nauseam.

I eventually switched to Avast, which has some annoying default notification settings that I had to customize, and don’t think I’ve had a single false positive since.

2 Likes

It’s not me that I’m concerned about; it’s the idea of customers downloading the app and mistakenly being brought to the belief that I am offering spyware or threatening software for download.

Yeah, you just have to keep resubmitting for review every time it happens. Nothing else you can do.

1 Like

The wording of these messages is pure scaremongering.

Apple’s notarisation check is among the worst: (my bold)
‘XYZApp will damage your computer You should move it to the Trash’

In most cases this is a blatant lie, (they dont know what it does) and it just means

‘XYZApp didn’t let us scan it before they gave it to you’

1 Like

But the users don’t know that.

2 Likes

And users not knowing it is where developers’ problems would start, because not all users would take the time to let a developer know about flagging of their software.