Click here to Skip to main content
15,921,837 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Since x-mas many scanners @VT detect my private log analysis tool (old and newest versions) as malware.


I know and asked a malware analyst at Emsisoft and got this reply:

The cause for the detection is most likely the way it triggers certain MITRE rules (see Behavior tab). I will report it to Bitdefender for you, that should take care of 8 engines once they fix it. Unfortunately you'll have to go after the others yourself. I see some have copied the Kaspersky detection as well, but I'm not sure if they use shared signatures.

In the past only about 3 detections where normal.

What can I do to avoid such issues for the future?

What I have tried:

I know and asked a malware analyst at Emsisoft.
Updated 28-Dec-22 4:06am

1 solution

You can't avoid them: they don't publish lists of exactly what they look for (for obvious reasons!)

If your tools trigger AV scanners and your systems are clean, then you need to look at what they do, how they do it, and if exe can be compiled in a different way (optimization switches perhaps) to prevent code that resembles a virus signature being created in the first place. I'd suggest you invest in a number of common scanners, and check your EXEs yourself before release - it's much better if you find them in the office before the client does, even if it's a false positive!
Share this answer
Comments 28-Dec-22 10:25am    
Thank you!

In advanced compiler settings all checkboxes are unchecked - is this ok?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900