exes generated by my program seen as false positives

Hi.
Sorry for my English.

I am a Delphi programmer.
Among the programs that I made is this one: http://forums.mydigitallife.info/threads/26932-2-small-utilities-for-Spoon-Studio
There you will find the program (ExeBuilder), sources and explanations about how it works.
Basically it takes a standard exe stored in resources, changes it to load an exe file from the virtualized program made with Spoon Studio, then adds icon(s) and information from the original exe.
So it does the same thing as other programs like VMware ThinApp.
The difference is that the exes made by VMware ThinApp are not shown as infected.
Users who have some knowledge about computers will understand that “TrojWare.Win32.Spy.Banker.Gen” means that Comodo thinks that the file is maybe infected but is not sure.
But there are users who don’t know this and think it’s infected.

I do not think it’s correct that these exe’s should be seen as infected (even if it’s a “generic/heuristic”).

I sent you a zip file with a modified exe that is seen infected + the original exe (before modification).
But, since you’re also programmers, I think you’ll understand fast what this program does (from its sources).
Could you please set Comodo not to “see” the exe files generated by my program as infected…?
Thanks in advance for your help.

Merry Christmas, Catalin

[attachment deleted by admin]

Hi Catalin,

Thank you for reporting this. We’ll check it and get back to you soon.

Kind Regards,
Erik M.

Thank you.

I see that most of the exe files are still detected as infected.
If you need more help just let me know. For example I could send you the sources of my program, a link with a virtualized application that uses such exe files, more explanations about how my program works etc.

Happy new year, Catalin

It’s been more than 2 weeks with no reply from you and also no fix.

So I’m sending more of these exe files so you could see what they have in common.

The main problem is not that Comodo is marking them as infected on my computer but that it is saying to other users (on VirusTotal or on their computers) that some of the exe files generated by my program are infected.
The support teams for some of the other antiviruses have found a way so all exe files would be marked as “not infected”, so it’s possible to do this.
Could you please set Comodo not to “see” the exe files generated by my program (for any virtualized application made by Spoon Studio) as infected…?
Thank you.

[attachment deleted by admin]

Hi a_catalin,

Thanks for reporting. We will check this and get back to you soon.

Regards,
Ponmalar.S

So, any news…?

I actually have a similar problem here. I am a developer and my VB programs and Visual FoxPro programs compiled (into .exe) will always get flagged as a virus or automatically sandboxed. Is there anything you guys are doing to address this issue?

Are your exe’s being flagged by the antivirus? Or are they just being sandboxed?

Both. VB programs are being flagged by antivirus and VFP always sandboxed!

Well, it’s been almost a month and the problem still exists.
Most of the other antivirus supports have corrected it in their programs.
Do you intend to do something…?

I guess not…

If you create an application yourself (or your application generates it) CIS is never going to be able to see these applications as recognized because it is impossible to whitelist something before it exists. CIS uses file hashes to compare applications with those in its whitelist. So each new compilation is going to be unrecognized.

You have a few options for this type of thing. You can give the .exe the Installer or Updater security policy, or you can add the .exe to your trusted files list and use the option to trust the file by its path instead of its file hash.

Or, if you don’t want to do this for each application, you could put them all in a common folder, and set this folder up as a File Group, and give this group the Installer or Updater security policy. That will give everything in that folder Installer or Updater privileges.
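The difference between hash-based recognition and path-based trust described in the post above, as an added illustration (not part of the thread and not Comodo's code). The use of SHA-256, the folder `C:\Apps\Generated`, and the sample bytes are assumptions made for the example.

```python
import hashlib
from pathlib import PureWindowsPath

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: one shared launcher stub, different per-build resources.
STUB = b"MZ" + b"\x00" * 62 + b"constructed launcher stub"
BUILD_A = STUB + b"|icon=a.ico|target=app_a.exe"
BUILD_B = STUB + b"|icon=b.ico|target=app_b.exe"

# Hash allowlist that only knows the build that existed when it was compiled.
ALLOWLIST = {sha256_hex(BUILD_A)}

# Hypothetical folder that the user has marked as trusted by path.
TRUSTED_DIR = PureWindowsPath(r"C:\Apps\Generated")

def trusted_by_hash(data: bytes) -> bool:
    # Any change in the file (new icon, new target name) gives a new digest.
    return sha256_hex(data) in ALLOWLIST

def trusted_by_path(path: str) -> bool:
    p = PureWindowsPath(path)
    # PureWindowsPath does not collapse "..", so refuse it rather than
    # treating "Generated\..\other" as being inside the trusted folder.
    if ".." in p.parts:
        return False
    # Windows path comparison is case-insensitive. Note that path trust
    # covers every file placed in the folder, whatever its content.
    return TRUSTED_DIR in p.parents

def classify(data: bytes, path: str) -> str:
    if trusted_by_hash(data):
        return "trusted (hash)"
    if trusted_by_path(path):
        return "trusted (path)"
    return "unrecognized"

if __name__ == "__main__":
    for name, data, path in [
        ("build A", BUILD_A, r"D:\tmp\a.exe"),
        ("build B", BUILD_B, r"D:\tmp\b.exe"),
        ("build B in trusted folder", BUILD_B, r"c:\apps\generated\b.exe"),
    ]:
        print(f"{name}: {classify(data, path)}")
```
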

Well, this is only half true.
First, I don’t generate the exe files on my computer, the users of my program generate them on their computers and even use them on other computers. For so many situations these ideas don’t help much. But thank you for them.
Second, there are many antiviruses which don’t see any of these exe files (new or old) as infected (no matter how many exe files I tested). Why? Some people would say that they are poorly made and don’t detect viruses 88) but most of them say they are good antiviruses.
Any good programmer that looks into these exe files (without preconceptions or hidden intentions) will clearly see that the code is not doing anything wrong and is clearly not behaving like a virus.
Other programmers proved that they can make a good heuristic detection in their antiviruses (not only with these exe files).

Plus, why haven’t you at least added the false positives from those 31 exe files that I sent you a few weeks ago? All I got from you guys is the standard polite answer and NOTHING MORE.
In the last few weeks over ten other antivirus supports did that, you didn’t.
Well, do whatever you want, it’s your forum, your antivirus, not mine, it’s not like you committed a crime.

By the way, I made this program to help others (I’m not making any money with it) but I’m beginning to feel bad about it. Like I said to a few others also, I realize now that if you wanna help others, the only good way is to help them in real life, not in this virtual one.

Have a nice day.

I’m sorry, I do not work for Comodo. I am only a user who helps moderate their forums.

All I can speak of is how CIS operates. Since you haven’t had any success with a fix, I was merely telling you how you can work around this problem. I realize this isn’t much help for the users of your application, but that’s the best I can do.

Ok, I understand, thank you for trying to help me.

I think this is a case for “Post here your unfixed FP’s (only after 2 days)”.

Usually the f/p people will report back to you in less than 24 hrs. But that does not seem to be happening in this topic.

Please make sure you provide the links to the programs generated by your programs that are falsely identified as a virus.