Somehow virustotal's minions dislike my compiler's output.
sample files, sample "analysis".
I'd like to reduce the likelihood of these false positives as "maliciousness" of ~37% is a bit too high for an absolutely benign program.
If anyone battled a similar problem and can share any useful findings, it would be great.
In essence, I'm after a recipe to generate least suspicious executables.
I know my PEs aren't perfect (I know of a few specific minor issues that Windows lets me get away with) but I also know that any sufficiently fast antivirus program is going to be much much less than perfect and this is what I'm seeing. For example, adjusting the stack/heap reserved/committed sizes is enough to shut up a few of them, which speaks to the quality of their malware detection.
Here's one paper detailing the bizarre inner workings of some of the sa(i)d AVs: Attributes of Malicious Files by Joel Yonts.
Any help is appreciated.
PE/COFF executable and antivirus false positives
Re: PE/COFF executable and antivirus false positives
Yet another argument against antivirus.
I stopped trusting them when one triggered against one of my programs, but did not trigger anymore after turning a condition around. On a RISC architecture, the signature based way might work, but on x86 you can just forget it.
Sorry alexfru, this also means I can't help you. Just wanted to vent a little.
I stopped trusting them when one triggered against one of my programs, but did not trigger anymore after turning a condition around. On a RISC architecture, the signature based way might work, but on x86 you can just forget it.
Sorry alexfru, this also means I can't help you. Just wanted to vent a little.
Carpe diem!