False Positive virus scan in 360

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

False Positive virus scan in 360

Postby GaRUi » Tue Mar 14, 2017 2:45 am

Hi all,

One user complained about a virus in our application as it has been identified as HEUR/QVM10.1.0000.Malware.Gen .

I have downloaded "Sample Application" for Windows32-bit http://opensource.spotify.com/cefbuilds/index.html and used https://www.virustotal.com for analysis. Qihoo-360 identified cefclient.exe as HEUR/QVM10.1.0000.Malware.Gen .

I have reported the issue as false positive and pointed out the source code and spotify build in the issue description (http://www.360totalsecurity.com/en/suspicion/). I hope it will get fixed soon. I can not link the issue report id here, since the web site did not provide me any.

I have just opened this topic in order to inform community and "magreenblatt" so that magreenblatt can take any other actions as he sees necessary.

Regards,
Aykut
Attachments
Screen Shot 2017-03-14 at 10.26.25.png
Screen Shot 2017-03-14 at 10.26.25.png (246.73 KiB) Viewed 4865 times
GaRUi
Techie
 
Posts: 10
Joined: Wed Jul 27, 2016 4:28 am

Re: False Positive virus scan in 360

Postby magreenblatt » Tue Mar 14, 2017 11:41 am

Reporting the false positive is the correct first step. You can avoid most AV problems by digitally signing the executables that you distribute.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: False Positive virus scan in 360

Postby GaRUi » Wed Mar 15, 2017 1:48 am

Thank you for the tip magreenblatt.
GaRUi
Techie
 
Posts: 10
Joined: Wed Jul 27, 2016 4:28 am

Re: False Positive virus scan in 360

Postby HarmlessDave » Sat Mar 18, 2017 4:13 pm

magreenblatt wrote:Reporting the false positive is the correct first step. You can avoid most AV problems by digitally signing the executables that you distribute.


Just to add a little, for you and for anyone who finds this via search:

To do this you would buy a "code signing certificate" from an authority like Thawte.com, then (for PC) you can use Microsoft's SignTool to add a SHA256 digital signature to the EXE to prove that it was created by your company and that the EXE has not been changed in any way since you signed it.

You can also use the certificate with setup programs like InstallShield to sign the setup EXE and prove that it was created by you too. This is a good idea if you have customers downloading your application since otherwise browsers may show them warnings about suspicious downloads.
HarmlessDave
Expert
 
Posts: 370
Joined: Fri Jul 11, 2014 2:02 pm


Return to Support Forum

Who is online

Users browsing this forum: No registered users and 35 guests