6

I have developed a windows service using C#.Net which collects data and send to my server using custom APIs on a regular interval basis with the client user's permission.

It was working fine until the user installed the anti-virus software (Kaspersky). It, false positively, detected my .exes as PDM:trojan.win32.generic, thrown away into quarantine and removed its service because I am doing web requests using HTTPWebRequest and HTTPWebResponse to push and pull data.

As for temporary, I have white listed .exes and program directory under exclusions rules in anti-virus software program settings and installed service once again. As so it is working fine for now.

But as for final solution, I want to know can we fix this within program itself (programmatically). So that any anti-virus software do not detect it as trojan or any other kind of virus as soon as my program and its service get installed.

Edit - 8th, June 2015

Earlier forgotten to mention that within service .exe it downloads its own latest .exe file to update itself. I wonder if this process is making it to appear as a Trojan.

krishh
  • 1,551
  • 15
  • 28
  • Send a mail to Kaspersky support team... – Matías Fidemraizer Jun 06 '15 at 15:16
  • @mazerraxuz it does not act as web server and does not accept any incoming connection, but makes `Post` and `Get` requests to a web server. One more thing which forgot to mention in the question, is that it downloads its own latest .exe file to update itself. I wonder if this process is making it to appear as a trojan. – krishh Jun 08 '15 at 05:56
  • 2
    _"I want to know can we fix this within program itself (programmatically). So that any anti-virus software do not detect it as trojan or any other kind of virus as soon as my program and its service get installed."_ - if that were possible, would a virus scanner be of any use? – CodeCaster Jun 08 '15 at 06:03
  • @CodeCaster even I thought the same. But just hoping if someone can answer for that. – krishh Jun 08 '15 at 06:14
  • 1
    Pure speculation on my part but: It may well be that update process. Why not try it? Build a few different versions of your program where you deactivate certain things and test it with Kaspersky. I would still try the whitelist. It is one of Kaspersky's advertised goals to create a comprehensive database on all legitimate pieces of software available (big and small). Supposedly they already have over 500 Mio. programs on that list. I've never had to go through the process myself, but from what I hear they don't make it too difficult for developers. – mazerraxuz Jun 08 '15 at 17:02
  • You say that the reason for the false positive is "because I am doing web requests using HTTPWebRequest and HTTPWebResponse to push and pull data" - how did you determine that was the cause of your software being flagged as a virus? I'm having the same issue I think and wondering how to identify what it is about my software that's the issue. – tomRedox Dec 16 '15 at 12:46
  • @tom_redox that determination was by my experienced boss. I still have no proper idea to solve such issues. :) – krishh Dec 22 '15 at 02:48
  • 1
    Thanks @Krish. We got ours working in the end. I ended up right clicking and running the installer as Administrator. I don't know if that was the solution though as I have also read that Kapersky's heuristic algorithms can learn on the fly allowing an installer that fails the first time to then succeed the second time - I have no idea if that's actually correct though. Behaviour that changes from run to run is the last thing I wanted! – tomRedox Dec 22 '15 at 09:47

1 Answers1

5

You can apply to have your program added to the Kasperky whitelist. You may also want to apply for the Kaspersky Lab Trusted Logo.

Other anti virus solutions offer similar whitelist programs, Symantec for example.

Going through these whitelists -IMHO- is the proper way here. If your users place their trust in those solutions your making an effort to be whitelisted i.e. labeled as trustworthy by these solutions should go a long way with your user base.

mazerraxuz
  • 343
  • 2
  • 10
  • 1
    This might solve the problem. But my program is not so big to apply for it to any whitelisting. – krishh Jun 08 '15 at 06:07
  • Will it work with all other anti-virus software if I whitelist my program only through Kaspersky or any other organization. – krishh Jun 08 '15 at 06:19
  • 4
    not unless the other anti virus software uses the Kaspersky whitelist. And to my knowledge other anti virus solutions use their own whitelist. – mazerraxuz Jun 08 '15 at 16:56