Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

F-Secure is treating

We have a standalone web application, in which for every URL request ( which calls CGI binary through system command), a new process is created. With this our application is working fine in normal environment. But in some systems where F-Secure anti-virus program is running there our application is extremely slow and

It is reporting the web application thinking as if it is a virus.

Can you please help what are the situations that makes my web application to be treated as VIRUS?

 

Will digital signature of our binary will help us from AV programs?

Best Answer

  • SiltanenSiltanen Posts: 108
    Accepted Answer

    Hello nawi,

     

    The best course of action would be to provide us with a sample of that file (or a set of files) that is being detected by our AV at: https://analysis.f-secure.com/portal/login.html

     

    When submitting the sample, please remember to fill in the description field. Type should be false positive.

Comments

  • navvinavvi Posts: 4

    Hi,

     

    Actually in our application we have designed one web application which will be using 3 cgi-components for each request and F-Secure is scanning all the times and due to which the performance is very slow.

     

    Do I need to submit all these components or only my web application.

     

     

  • JagadesanJagadesan Posts: 129

    Hi navvi,

    With regards to your problem, I would suggest you to send all the files so that we can whitelist those files from scanning.

    Thanks.

    Best Regards,
    Jagadesan

  • navvinavvi Posts: 4

    Hi,

     

    If we submit our binaries for one time if we upgarde our binaries then do we need to submit them again?

     

    This question was asked by my client.

     

    Does the digital signing of the binary does not have any effect on this type of issues?

     

     

  • JagadesanJagadesan Posts: 129

    Hi nawi,

    With regards to your question, once the sum of the md5 have changed for the file you may need to send it again for whitelisting.

     

    Thanks.

    Best Regards,
    Jagadesan

  • navvinavvi Posts: 4

    If we procure digital certificate from the third party vendor will it help us from catching of binaries from anti virus program.

     

  • JaysonJayson Posts: 595

    Hi navvi,

     

    Kindly submit the samples to our Security Lab as advised by Siltanen. Once you submitted the sample, our Analysts will check into it and advice you on how to prevent the false positive detections.

     

    Thanks.


    Best Regards,
    Jayson

This discussion has been closed.