I have written a program and built the project. After that, I used VirusTotal.com to scan for suspicious malware and it detected 10. At first I thought it was affected by something that I coded, so I created an empty project and built it. To my surprise, after running the scan on VirusTotal, there were 4 suspected malware detections. I'm thinking that it's all just false positives. Is there a way I can overcome this or avoid it or bypass it, as when I want to download from the web, Google Chrome tends to prompt the warning message when downloading? Even after signing with an EV code signing cert from a reputable CA, it still doesn't help either.
1 Answer (score 2)
Some malware is really written with Delphi, and some malware detectors falsely identify Delphi run-time code as the malware.
Those malware detectors should detect the actual code of the malware to avoid having a false positive.
You can't do anything about that except contact the malware detector company to explain the problem. Of course, before doing that you must be sure that your system is not infected by malware that infects your applications as soon as they are compiled.

fpiette

Comments:

- Another thing that might greatly reduce false positives is to digitally sign your application with a trusted certificate. While your application executable is unsigned, antivirus programs rely solely on heuristics to determine how safe your application may be. But once it is digitally signed, they do take into account the trust level of the digital certificate that was used for signing. – SilverWarior Jan 22 '21 at 13:49
- @SilverWarior certificates have no value in that context - it's as blatant as a compiler-based decision: https://duckduckgo.com/?q=malware+valid+certificate – AmigoJack Jan 22 '21 at 14:47
- @AmigoJack Yes they do. Well, not to the point where AV software will simply skip checking a certain file if it is digitally signed. But to the point where AV software is taking into account the trust level of the digital certificate signer while calculating the risk level for a specific application. And when malicious software signed with a trusted digital certificate is found, the trust level for that specific digital signer is reduced by the company that made such AV software. Now how much trust a specific AV software company puts into digital certificates varies greatly from company to company ... – SilverWarior Jan 22 '21 at 19:05
- ... Anyway, if AV software programs did not take into account the digital certificates with which various applications are signed, we would have a lot more false positives. In fact I remember from about 5 to 10 years ago when one AV company, I don't remember which one, tried to disable certificate checking and only check files based on heuristics; their AV software ended up marking a bunch of system files as malware, because those files actually do similar things to what malware does. ... – SilverWarior Jan 22 '21 at 19:12
- ... In fact many malware programs and viruses are built with reverse-engineered system code that is slightly modified in order to circumvent system protection. Running heuristic analysis on such files would still match that unchanged code and because of this probably flag such a file as malicious. – SilverWarior Jan 22 '21 at 19:13