deviated trainers marked as suspicious

Superuser

Re: deviated trainers marked as suspicious

I can to understand your points about situation. I mean - I can to understand your feeling that situation (which you meet like "developer") (it's also logical thing....).

It's, of course, not really nice. But for prevent detection (such of - buy/check any certs and etc.) also take time for any other developers. It's mean... that common situation - just totally... require a lot of "steps/actions" for any sides (for prevent false-positive-detection; for creating "protection" against changes by other people; and any other points);

 

F-Secure one of companies... who worry about "false-positive" - they try to prevent "false-positive"-detections... which can to "confused" users and simply do not give any nice things.

Because how you note (in other words) - good protection-software it's software... where malicious files are detected.... and safe files are allowed. Less "false-positive"-detections - like one of side.. for that.

 

About all other - I already create private letter for your (yesterday; here was just my suggestions and it's not mean.. that it's totally like that);

And also... here... just "behavior-generic"-detection.... which not think about "which file here" (in common means and without any other setting); How it looks... and other - not mainly;

Detection about actions.... or something another, which can be suspicious (not mean that if you call file "trojan" - it will be "trojan"-detection; But if it's will be suspicious-downloader... can be "trojan-dopper" detection, but can be... and without detection); Also in some situations.. can be related with "rating/popular-status/other".

 

Current detection on virustotal (I not sure.. but I checked results by hash for your analysis-link)... probably related with archive. Indeed.. I don't know... which files in current archive (if it more than one file) - but you can to try scan each of them.. and looking... which file/resource/library/other reason for detection.

If it's no one... related with "archive"; And it's probably not related with detection, which users can to meet during launch/using your trainer. But it's just suggestion.

 

Like also points... that what if any other companies (which you think "totally" dropped detection already) - still be with detection, when users start to use your trainer (it's can be another kind of detection already - multi-layer protection are popular; In some situations.. with some companies.... will be "alert" during each "layer" - because they doesn't work between each other - and it's strange).

Aspirant

Re: deviated trainers marked as suspicious

So f-secure dropped the detection again though they didn't let me know if it will be for future trainers or not and neither did they tell me what part of my trainer is setting off this heuristics detection. 

 

I guess i have to buy that digital signature somehow if i want my trainers to not have these annoying false-positives. You were right by the way, Symantec again started the detection WS.Reputation.1 though it took a couple days so i am guessing they do this when the file is used by a few people.

 

Anyway, thank you for your response they have been very helpful and i didn't actually think of this 

 

"Like also points... that what if any other companies (which you think "totally" dropped detection already) - still be with detection, when users start to use your trainer (it's can be another kind of detection already - multi-layer protection are popular; In some situations.. with some companies.... will be "alert" during each "layer" - because they doesn't work between each other - and it's strange)."

 

That has totally happened with my trainers before, there was no detection but still the trainer will be blocked without any sort of notification at all. This was worse than having a detection because the user didn't know their antivirus was blocking the trainer and blamed the trainer to be not working. 

 

I guess i better start saving for the certificate. I just can't believe it will be so much trouble making your favorite software.

 

Thank you again for your replies!.

Highlighted
Former F-Secure Employee

Re: deviated trainers marked as suspicious

Hello iNVOKE,

 

We'll start investigating the issue on our end, however it might take some time before we'll come up with a solution.

 

Of course both options you mentioned are still available to you;

 

a) As a workaround you can always submit new binaries to us (I understand it's time consuming to deliver them to us every time you change even a byte of the program.)

 

b) Signing the software with a certificate.

 

I can't promise that we'll arrive to a better resolution, but we'll take a look at what we can do in order to fix the situation.