F-Secure is treating

navvi

We have a standalone web application, in which for every URL request ( which calls CGI binary through system command), a new process is created. With this our application is working fine in normal environment. But in some systems where F-Secure anti-virus program is running there our application is extremely slow and

It is reporting the web application thinking as if it is a virus.

Can you please help what are the situations that makes my web application to be treated as VIRUS?

 

Will digital signature of our binary will help us from AV programs?

Siltanen

Hello nawi,

 

The best course of action would be to provide us with a sample of that file (or a set of files) that is being detected by our AV at: https://analysis.f-secure.com/portal/login.html

 

When submitting the sample, please remember to fill in the description field. Type should be false positive.

navvi

Hi,

 

Actually in our application we have designed one web application which will be using 3 cgi-components for each request and F-Secure is scanning all the times and due to which the performance is very slow.

 

Do I need to submit all these components or only my web application.

 

 

Jagadesan

Hi navvi,

With regards to your problem, I would suggest you to send all the files so that we can whitelist those files from scanning.

Thanks.

Best Regards,
Jagadesan

navvi

Hi,

 

If we submit our binaries for one time if we upgarde our binaries then do we need to submit them again?

 

This question was asked by my client.

 

Does the digital signing of the binary does not have any effect on this type of issues?

 

 

Jagadesan

Hi nawi,

With regards to your question, once the sum of the md5 have changed for the file you may need to send it again for whitelisting.

 

Thanks.

Best Regards,
Jagadesan

navvi

If we procure digital certificate from the third party vendor will it help us from catching of binaries from anti virus program.

 

Jayson

Hi navvi,

 

Kindly submit the samples to our Security Lab as advised by Siltanen. Once you submitted the sample, our Analysts will check into it and advice you on how to prevent the false positive detections.

 

Thanks.

Best Regards,
Jayson