False positive detection of c# .net program by anti-virus as trojan

Send a mail to Kaspersky support team... – Soluble 6/6, 2015 at 15:16

@mazerraxuz it does not act as web server and does not accept any incoming connection, but makes Post and Get requests to a web server. One more thing which forgot to mention in the question, is that it downloads its own latest .exe file to update itself. I wonder if this process is making it to appear as a trojan. – Knickerbockers 8/6, 2015 at 5:56

"I want to know can we fix this within program itself (programmatically). So that any anti-virus software do not detect it as trojan or any other kind of virus as soon as my program and its service get installed." - if that were possible, would a virus scanner be of any use? – Cnidoblast 8/6, 2015 at 6:3

@Cnidoblast even I thought the same. But just hoping if someone can answer for that. – Knickerbockers 8/6, 2015 at 6:14

Pure speculation on my part but: It may well be that update process. Why not try it? Build a few different versions of your program where you deactivate certain things and test it with Kaspersky. I would still try the whitelist. It is one of Kaspersky's advertised goals to create a comprehensive database on all legitimate pieces of software available (big and small). Supposedly they already have over 500 Mio. programs on that list. I've never had to go through the process myself, but from what I hear they don't make it too difficult for developers. – Gadgetry 8/6, 2015 at 17:2

You say that the reason for the false positive is "because I am doing web requests using HTTPWebRequest and HTTPWebResponse to push and pull data" - how did you determine that was the cause of your software being flagged as a virus? I'm having the same issue I think and wondering how to identify what it is about my software that's the issue. – Dispense 16/12, 2015 at 12:46

@tom_redox that determination was by my experienced boss. I still have no proper idea to solve such issues. :) – Knickerbockers 22/12, 2015 at 2:48

Thanks @Krish. We got ours working in the end. I ended up right clicking and running the installer as Administrator. I don't know if that was the solution though as I have also read that Kapersky's heuristic algorithms can learn on the fly allowing an installer that fails the first time to then succeed the second time - I have no idea if that's actually correct though. Behaviour that changes from run to run is the last thing I wanted! – Dispense 22/12, 2015 at 9:47

Recommended topics

Hot tags