Virus Total False Positives

Technical support and scripting issues

Moderators: Dorian (MJT support), JRL

Post Reply
User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Virus Total False Positives

Post by Phil Pendlebury » Sun May 01, 2022 10:16 am

Hi there,

I have small script that I have compiled. It is a freeware application.

The community site that will distribute it requires 100% clearance from a Virus Total scan:

https://www.virustotal.com/gui/home/upload

I have uploaded a few times, including disabling UPX.exe and still there are a few things being flagged. Of course I know these are all false positives but the distro will not accept anything above 100% safe regardless of false positives.

I was wondering if anyone has any ideas how to get around this.

I tried to upload a screenshot here but there is no way to do that other than linking to external screenshot. But you can check this by simply compiling any short script with no special options and uploading it to the link above.

Bearing in mind this is freeware project but it is good for my profile.

Any thoughts appreciated.

Cheers.
Phil Pendlebury - Linktree

User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Re: Virus Total False Positives

Post by Phil Pendlebury » Fri May 20, 2022 6:38 pm

Hi guys, I could really do with some guidance on this one please. :-)
Phil Pendlebury - Linktree

User avatar
Dorian (MJT support)
Automation Wizard
Posts: 1106
Joined: Sun Nov 03, 2002 3:19 am
Contact:

Re: Virus Total False Positives

Post by Dorian (MJT support) » Mon May 23, 2022 9:14 am

Hi Phil,

I think Marcus' replies on this thread might help?
Yes, we have a Custom Scripting Service. Message me or go here

User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Re: Virus Total False Positives

Post by Phil Pendlebury » Mon May 23, 2022 9:47 am

Thanks Dorian, I had read all that after searching the forum. So not entirely.

I fully understand all of it of course but take my example case:

Free Application for Gamers. So buying a certificate is out of the q.

Gaming site requires verification by a tool that uses hundreds of Virus Sigs form various other companies. I cannot really submit my app to every single one of them.

Just trying to figure if there is a way around it. I have tried compiled without obfuscation etc.

Cheers,
Phil Pendlebury - Linktree

User avatar
Dorian (MJT support)
Automation Wizard
Posts: 1106
Joined: Sun Nov 03, 2002 3:19 am
Contact:

Re: Virus Total False Positives

Post by Dorian (MJT support) » Mon May 23, 2022 10:25 am

I think sadly the certificate probably is the solution whether the app is free or not. I had a similar issue when I wrote a free app that notified people when Covid tests were available in their area. After putting the time into writing it, it made me not bother publishing it.
Yes, we have a Custom Scripting Service. Message me or go here

User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Re: Virus Total False Positives

Post by Phil Pendlebury » Mon May 23, 2022 10:31 am

I wish I could afford a certificate and of course the time to figure out how it works... :-)
Phil Pendlebury - Linktree

User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Re: Virus Total False Positives

Post by Phil Pendlebury » Wed Jun 01, 2022 5:30 am

Well good news is that after a very laborious process of submitting my installer to all the vendors that were producing false positives, I finally got the all clear.

I am still not sure if I will have to resubmit every time I update the application but we'll see.

https://flightsim.to/file/31716/admiral ... or-windows
Phil Pendlebury - Linktree

user5274
Junior Coder
Posts: 43
Joined: Tue Aug 04, 2020 9:35 am

Re: Virus Total False Positives

Post by user5274 » Thu Jun 16, 2022 9:46 pm

I have had many false positives when trying to transport compiled scripts from either Email, Discord, other messaging, or Uploads.

My quick solution was to encrypt the Zip file so the transport mechanism cannot scan it and flag it. Then give the password to the end-user. The end user PC will still do one final scan but the user can control it then.

Its a shame all compile scripts by MS15 has been flagged by most AV as malware, really embarrassing when working with new clients.

User avatar
Phil Pendlebury
Automation Wizard
Posts: 518
Joined: Tue Jan 16, 2007 9:00 am
Contact:

Re: Virus Total False Positives

Post by Phil Pendlebury » Fri Jun 17, 2022 4:55 am

Encrypting was no use for me in this case as it is a specific distribution site that insists on the files being cleared by Virus Total. (Which I suppose is fair enough).

If you do this a lot, it is worth taking the time to contact the AV vendors. I was frankly surprised about how efficient and helpful they were, apart from one bunch of idiots who insisted that my installer should be flagged becuase it didn't add an "uninstall" shortcut to the start menu.

And after adding that and getting back to them they no longer replied.

However the latest installer does come up all clear now and this is quite a few builds (different version numbers too) later, so this procedure of mine may also have helped other users of complied MS15 scripts.
Phil Pendlebury - Linktree

Post Reply
cron
Sign up to our newsletter for free automation tips, tricks & discounts