8

I've developed a console application that does a lot of routines, but the antivirus detected it as malware of type Gen:Variant.Ursu.56053.

How can I fix this without touching the antivirus policy? It's not allowed for us to create any exceptions for any found threat.

I'd also like to mention that if I change the assembly name, the antivirus no longer considers the new file a virus, but it looks like it considers it a virus because I invoke it many times, with different parameters.

Any suggestions? I'm really suffering from this.

Yaser

3 Answers

13

I know this thread is very old, but for people who will come here: to fix this issue, simply add an icon to the program. I'm not even joking, it works.

Im-Beast
  • If this works, it means your anti-virus is probably just using some sort of checksum on the file rather than doing any clever analysis of it. So YMMV depending on which anti-virus you are using. – Nigel Hawkins Aug 11 '20 at 13:51
  • 1
    I tested it on VirusTotal; over 18 antiviruses check it like this – Im-Beast Aug 12 '20 at 19:49
  • 1
    That really worked! 9 virus alerts for release version signed with certificate, 1 virus alert for unsigned version, 0 virus alerts after adding an icon. That was brilliant! You are a genius! – skv Sep 16 '22 at 04:52
2

FALSE +VE ALERT!!! Many antivirus engines have name pattern matching as their Swiss-knife to detect malicious files. If any of them matches the name they have in their database, then you can't do much about it. It simply became a false +ve!!! Also, your assembly name should consist of the technology area and component description, or company name and technology area (depending on your preference). So try changing it to a more specific one. :)

Assuming that you are talking about .NET (with relation to Visual Studio), for example:

Project: Biometric Device Access

Assembly: BiometricFramework.DeviceAccess.dll

Namespace: ACME.BiometricFramework.DeviceAccess

Marshmellow
0

I had the same problem with Bitdefender, but mine is a Gen:Variant.Ursu.787553 when I tried creating a .exe file from my C program.

I simply moved it out of quarantine manually, and it worked well. You might have to do that every time you build a new program. Hope this helps!

j-hmd
  • 1
    The poster already wrote that "it's not allowed for us to create any exceptions for any found threat", so it's unlikely that they can "simply move it out of quarantine manually". – gpvos Mar 25 '21 at 11:53