@William_Phillips, I had the same last week, same catch of BitDefender. I panict in the first place and turned down all running programs, rebooted in save mode and did a full system check. It found the 'threat" only in de debugrunner of xojo. It let it clean and after that my system was ‘clean’. However, when I started Xojo again and did run debug it directly detected above mentioned threat and stopped the app running. Bitdefender did also remove a with Xojo compiled application which was running before I did the system scan. I could not find back any info of the threat. I know BitDefender did do an update last week and after that it started. I only do not know its real, false or a bug.
I use Windows 11 with BitDefender and Xojo r2025_1.1
Yippie, after opening yet another max priority case Cybereason reacted:
Thanks to all who respondet so far, especially Rick.
4 Likes
From what I have seen, BitDefender stopped triggering on Xojo Gui executables:
Antivirus test of tiny.exe
Tiny.exe is the simplest Xojo Desktop program with nothing added but build options and a name.
You might just update Bitdefender and then try again. Chances are high that your problem will be gone.
For me, almost every new Xojo compile is flagged by at least one of the 97 or so anti-virus checkers launched by [Virustotal].(VirusTotal) . I have discovered that by changing Xojo compiler options, most times the Xojo .exe can be reported as malware-free. A nuisance, but some of my customers also use Virustotal.
1 Like
Thanks for the info. Can you elaborate on which compiler options make the difference for you? By sharing the information others can find it when looking for help in future cases.
This may be obvious, but my first action is to change the “Include Function Names” option. Optimization “Moderate” usually works.
That’s interesting because the function names setting hasn’t worked for the last 16 years. #5965 - Include Function Names is always turned on
If I had to guess, it’s the optimization level causing the false positive identifier to not be present.
Come on, Tim, this report is only 16 years old. There’s still plenty of time to fix it in one of the upcoming releases. 
Is it just me or isn’t Xojo inc taking this seriously?
Sounds like a major problem.
It’s just not simple to fix. IIRC it was reviewed by all of the compiler engineers multiple times while I was there (2011-2022) and no non-breaking solutions were found.
2 Likes
In an effort to be more constructive than my last meltdown, I’ve created ticket #79382 to request that Xojo hide / remove the switch until the functionality can be implemented.
5 Likes
I guess that in the past I suggested that if the compiler needs explicit symbols in the app binary, it could at least obfuscate the symbols even shrinking the size of them. Having the possible side effect of a binary size reduction (not always true). The real symbol list should be near to the exe file, that the dev could delete without problems in the release. Like:
Symbol Used in the binary
----------------------------------------------------
MyAmazingFunction a1
MyPrintThing a2
...
MyItemAfterThousandsItems hg34r
Hi Tim: “Include function names” definitely does something for me in Xojo 2023R4 Windows. Here is an example:
.exe size - include function names: 15MB
.exe size - exclude function names: 12MB
1 Like
Today only 2 of 72 security vendors flagged this file as malicious. 
Hm, I will have to concede that the phrasing I chose was sensationalist, but a test I’ve run just now confirms the switch absolutely does not do what it advertises. With the switch set to off, the functions I intentionally named to be findable were present in the executable.
2 Likes
Interesting, Tim. Maybe this is Xojo-version dependent. Function names are present and absent for me.
Sinds Xojo uses LLVM, this options doesn’t do squat.
So are probably using a very old Xojo version.
.
I can reproduce the 2-3 MByte smaller .exe files on Windows with a recent version of Xojo 2025r1 toggling this setting. But did not check, if the function names are still there or not.
Bitdefender did update itself last week and the signaling of malware did stop.
1 Like