I am a Delphi programmer.
Among the programs that I made is this one: http://forums.mydigitallife.info/threads/26932-2-small-utilities-for-Spoon-Studio
There you will find the program (ExeBuilder), sources and explanations about how it works.
Basically it takes a standard exe stored in resources, changes it to load an exe file from the virtualized program made with Spoon Studio, then adds icon(s) and information from the original exe.
So it does the same thing as other programs like VMware ThinApp.
The difference is that the exes made by VMware ThinApp are not shown as infected.
Users who have some knowledge about computers will understand that “TrojWare.Win32.Spy.Banker.Gen” means that Comodo thinks that the file is maybe infected but is not sure.
But there are users who don’t know this and think it’s infected.
I do not think it’s correct that these exe’s should be seen as infected (even if it’s a “generic/heuristic”).
I sent you a zip file with a modified exe that is seen as infected + the original exe (before modification).
But, since you’re also programmers, I think you’ll understand fast what this program does (from its sources).
Could you please set Comodo not to “see” the exe files generated by my program as infected…?
Thanks in advance for your help.
I see that most of the exe files are still detected as infected.
If you need more help just let me know. For example I could send you the sources of my program, a link with a virtualized application that uses such exe files, more explanations about how my program works etc.
It’s been more than 2 weeks with no reply from you and also no fix.
So I’m sending more of these exe files so you could see what they have in common.
The main problem is not that Comodo is marking them as infected on my computer but that it is saying to other users (on VirusTotal or on their computers) that some of the exe files generated by my program are infected.
The support teams for some of the other antiviruses have found a way so all exe files would be marked as “not infected”, so it’s possible to do this.
Could you please set Comodo not to “see” the exe files generated by my program (for any virtualized application made by Spoon Studio) as infected…?
Thank you.
I actually have a similar problem here. I am a developer and my VB programs and Visual FoxPro programs compiled (into .exe) will always get flagged as a virus or automatically sandboxed. Is there anything you guys are doing to address this issue?
Well, it’s been almost a month and the problem still exists.
Most of the other antivirus supports have corrected it in their programs.
Do you intend to do something…?
If you create an application yourself (or your application generates it) CIS is never going to be able to see these applications as recognized because it is impossible to whitelist something before it exists. CIS uses file hashes to compare applications with those in its whitelist. So each new compilation is going to be unrecognized.
You have a few options for this type of thing. You can give the .exe the Installer or Updater security policy, or you can add the .exe to your trusted files list and use the option to trust the file by its path instead of its file hash.
Or, if you don’t want to do this for each application, you could put them all in a common folder, and set this folder up as a File Group, and give this group the Installer or Updater security policy. That will give everything in that folder Installer or Updater privileges.
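An added illustration (not part of the thread and not Comodo's code) of the hash-versus-path distinction described in the post above. It is a simplified model: the stub bytes, resource layout, class names and the `C:\Virtualized` folder are constructed for the example.

```python
import hashlib
from pathlib import PureWindowsPath

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_launcher(stub: bytes, icon: bytes, info: bytes) -> bytes:
    # Constructed stand-in for a generated launcher:
    # one fixed stub plus per-application icon and version resources.
    return stub + b"|ICON|" + icon + b"|INFO|" + info

class TrustStore:
    """Simplified trust list holding hash entries and folder (path) entries."""
    def __init__(self):
        self.hashes = set()
        self.folders = []

    def trust_hash(self, data: bytes):
        self.hashes.add(sha256(data))

    def trust_folder(self, folder: str):
        self.folders.append(PureWindowsPath(folder))

    def verdict(self, path: str, data: bytes) -> str:
        if sha256(data) in self.hashes:
            return "trusted-by-hash"
        # Path trust never looks at the file content at all.
        if any(f in PureWindowsPath(path).parents for f in self.folders):
            return "trusted-by-path"
        return "unrecognized"

STUB = b"MZ-constructed-stub"                      # constructed sample bytes
app_a = build_launcher(STUB, b"icon-a", b"AppA 1.0")
app_b = build_launcher(STUB, b"icon-b", b"AppB 2.3")
modified_a = app_a + b"\x00"                       # same file, one byte changed

store = TrustStore()
store.trust_hash(app_a)                            # only this exact build is listed
store.trust_folder(r"C:\Virtualized")              # hypothetical trusted folder

def demo():
    return [
        store.verdict(r"C:\Temp\a.exe", app_a),              # exact listed build
        store.verdict(r"C:\Temp\b.exe", app_b),              # same stub, new resources
        store.verdict(r"C:\Virtualized\b.exe", app_b),       # covered by folder rule
        store.verdict(r"C:\Virtualized\a.exe", modified_a),  # changed file, still trusted
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows the trade-off of trusting by path: any file placed in or changed inside the trusted folder inherits the trust, so that folder should be writable only by accounts that are themselves trusted.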
Well, this is only half true.
First, I don’t generate the exe files on my computer, the users of my program generate them on their computers and even use them on other computers. For so many situations these ideas don’t help much. But thank you for them.
Second, there are many antiviruses which don’t see any of these exe files (new or old) as infected (no matter how many exe files I tested). Why? Some people would say that they are poorly made and don’t detect viruses 88) but most of them say they are good antiviruses.
Any good programmer that looks into these exe files (without preconceptions or hidden intentions) will clearly see that the code is not doing anything wrong and is clearly not behaving like a virus.
Other programmers proved that they can make a good heuristic detection in their antiviruses (not only with these exe files).
Plus, why haven’t you at least added the false positives from those 31 exe files that I sent you a few weeks ago? All I got from you guys is the standard polite answer and NOTHING MORE.
In the last few weeks over ten other antiviruses supports did that, you didn’t.
Well, do whatever you want, it’s your forum, your antivirus, not mine, it’s not like you committed a crime.
By the way, I made this program to help others (I’m not making any money with it) but I’m beginning to feel bad about it. Like I said to a few others also, I realize now that if you wanna help others, the only good way is to help them in real life, not in this virtual one.
I’m sorry, I do not work for Comodo. I am only a user who helps moderate their forums.
All I can speak of is how CIS operates. Since you haven’t had any success with a fix, I was merely telling you how you can work around this problem. I realize this isn’t much help for the users of your application, but that’s the best I can do.