1. Maymone Dahan
  2. PowerBuilder
  3. Tuesday, 12 December 2023 17:57 PM UTC

Question for Appeon team.

I have a very small application developed in PowerBuilder 2022. When I check the exe file with https://www.virustotal.com/gui/home/upload it detects 3 viruses:

- Gen:NN.ZexaF
- Trojav.Genric@A1.89
- Suspicious.Low.Ml.score

See attached.

The program has only a messagebox of "Hello, world"

The customer refuses to use the program at his site because of that.

What do you suggest I do?

Thanks

 

 

John Raghanti
  1. Wednesday, 13 December 2023 12:34 PM UTC
  2. PowerBuilder
  3. # 1

You may need to sign your executable. A lot of AV programs don't like those at all. 

Sivaprakash BKR
  1. Wednesday, 13 December 2023 08:53 AM UTC
  2. PowerBuilder
  3. # 2

My experience with this issue.

We use McAfee internally. When we run a (32-bit) compiled application, McAfee promptly quarantines that file. When I sent the exe file to McAfee, they told me they would whitelist the exe, so no further blocking would happen. It took 10-15 days for them to come out with a new update. That update didn't delete the exe that we sent to McAfee.

In the meantime, we modified / re-compiled the exe many times, and those builds were promptly deleted by McAfee, as they were not whitelisted. So in my opinion whitelisting is not a permanent solution, to me at least.

The same issue is not there if we make a 64-bit application. McAfee didn't delete/quarantine the 64-bit builds of the same applications.

Now the question is

1. Is it the problem of Appeon or McAfee? As only 32-bit applications are affected.

2. When every user of PB has the same issue, is it still the responsibility of individual users to contact the AV company?

3. Appeon (CEO) says their products are AV tested. Does that mean the applications developed using PB are also tested? Has Appeon developed any sample application (32-bit) and tested it for virus warnings?

4. Can Appeon suggest one or two good AVs that PB applications can work with without issues?

Happiness Always
BKR Sivaprakash

 

Comment
  1. Chris Pollach @Appeon
  2. Wednesday, 13 December 2023 13:31 PM UTC
Hi BKR;

FWIW: I dropped McAfee about 10 years ago & switched all my machines over to the built-in Windows Defender AV. I've never had an issue with compiled PB App EXEs being quarantined since then. HTH

Regards ... Chris
  1. mike S
  2. Wednesday, 13 December 2023 16:19 PM UTC
Many AVs simply look at things such as how many users, how new, and what it is doing. Often as soon as you do anything with the network (such as connect to a database even using standard ports), then it quarantines the file.

The only real solution is to sign the exe.
  1. Sivaprakash BKR
  2. Saturday, 16 December 2023 05:49 AM UTC
mike,

Does it scan only 32-bit applications for such activities? Why doesn't it quarantine 64-bit exes?

Andreas Mykonios
  1. Wednesday, 13 December 2023 08:25 AM UTC
  2. PowerBuilder
  3. # 3

Hi.

While I'm not an expert, I would give more importance to the results shown in behavior... I say that because 5/72 is not so bad, given that most of those 5 AV vendors are small... Of course this can't be the answer to your client. You can always try to contact them.

Andreas.

Chris Pollach @Appeon
  1. Tuesday, 12 December 2023 20:28 PM UTC
  2. PowerBuilder
  3. # 4

Hi Maymone;

The problem is the AV software being used. We have seen this over and over again many times, especially when non-mainstream AVs are used. However, this issue is really about the AV "trusting" your compiled App's EXE. When Appeon Beta tests & releases any PB version, we test the IDE and the Compiled App EXE signature with many mainstream AV software vendors. If it fails, we inform the AV vendor so that they can adjust their scanning process (aka definitions). You can get your AV software to trust your EXE signature via (as a few examples) ...

  • Have the AV Software Vendor update their software AV definitions
  • Have your AV team(s) add an exception for your App EXE(s)
  • Add a "Manifest" file that allows the AV software to trust your App EXE.
  • Digitally sign your App EXE(s) with a trusted certificate.

HTH

Regards .. Chris

Comment
  1. Armeen Mazda @Appeon
  2. Wednesday, 13 December 2023 01:47 AM UTC
Adding to what Chris said, there is no virus in the PB product itself and those are false positives. You should notify virustotal.com of the false positives. https://www.virustotal.com/gui/contact-us/technical-support