OSDev.org

The Place to Start for Operating System Developers
It is currently Sun May 24, 2020 7:30 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: PE/COFF executable and antivirus false positives
PostPosted: Sun Oct 13, 2019 1:57 am 
Offline
Member
Member

Joined: Tue Mar 04, 2014 5:27 am
Posts: 1010
Somehow virustotal's minions dislike my compiler's output.
sample files, sample "analysis".
I'd like to reduce the likelihood of these false positives as "maliciousness" of ~37% is a bit too high for an absolutely benign program.

If anyone battled a similar problem and can share any useful findings, it would be great.
In essence, I'm after a recipe to generate least suspicious executables.

I know my PEs aren't perfect (I know of a few specific minor issues that Windows lets me get away with) but I also know that any sufficiently fast antivirus program is going to be much much less than perfect and this is what I'm seeing. For example, adjusting the stack/heap reserved/committed sizes is enough to shut up a few of them, which speaks to the quality of their malware detection.

Here's one paper detailing the bizarre inner workings of some of the sa(i)d AVs: Attributes of Malicious Files by Joel Yonts.

Any help is appreciated.


Top
 Profile  
 
 Post subject: Re: PE/COFF executable and antivirus false positives
PostPosted: Sun Oct 13, 2019 10:17 am 
Offline
Member
Member

Joined: Wed Aug 30, 2017 8:24 am
Posts: 449
Yet another argument against antivirus.

I stopped trusting them when one triggered against one of my programs, but did not trigger anymore after turning a condition around. On a RISC architecture, the signature based way might work, but on x86 you can just forget it.

Sorry alexfru, this also means I can't help you. Just wanted to vent a little.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group