MinGW-users

Fwd: Heur.AdvML.B comes up when I build an exe file

Classic

List

Threaded

8 messages Options

Stephen

Fwd: Heur.AdvML.B comes up when I build an exe file

Does anyone know why when I compile a file, the exe that it builds is removed by Norton with the message that it has a "Heuristic Virus - detection of a threat based on malware heuristics". I've scanned with Norton and also Malwarebytes and both give me a clean PC. I am using MinGW Product Version 0.6.2-beta-20131004-1 installed 31/12/2016 to my PC. Any help would be appreciated by this very raw novice.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
MinGW-users mailing list
[hidden email]

This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.

_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:[hidden email]?subject=unsubscribe

Eli Zaretskii

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

> From: Stephen <[hidden email]>
> Date: Sun, 1 Jan 2017 16:38:21 +0000
>
> Does anyone know why when I compile a file, the exe that it builds is
> removed by Norton with the message that it has a "Heuristic Virus -
> detection of a threat based on malware heuristics". I've scanned with
> Norton and also Malwarebytes and both give me a clean PC. I am using
> MinGW Product Version 0.6.2-beta-20131004-1 installed 31/12/2016 to my
> PC. Any help would be appreciated by this very raw novice.

Report this to Norton as a false positive. They might want a sample
of a program that causes this.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
MinGW-users mailing list
[hidden email]

This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.

_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:[hidden email]?subject=unsubscribe

Stephen

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

Eli - I did indeed send a copy of the file to Norton with a suitable
note. However I can see from searches that over the years this very same
virus has arisen form others compiling to exe files, and these folk have
raised a false positive with Norton. Nothing however seems to improve.
So I was hoping to understand why this is happening to me. Thanks for
getting back to me, Stephen

On 01/01/2017 16:53, Eli Zaretskii wrote:

>> From: Stephen <[hidden email]>
>> Date: Sun, 1 Jan 2017 16:38:21 +0000
>>
>> Does anyone know why when I compile a file, the exe that it builds is
>> removed by Norton with the message that it has a "Heuristic Virus -
>> detection of a threat based on malware heuristics". I've scanned with
>> Norton and also Malwarebytes and both give me a clean PC. I am using
>> MinGW Product Version 0.6.2-beta-20131004-1 installed 31/12/2016 to my
>> PC. Any help would be appreciated by this very raw novice.
> Report this to Norton as a false positive. They might want a sample
> of a program that causes this.
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> MinGW-users mailing list
> [hidden email]
>
> This list observes the Etiquette found at
> http://www.mingw.org/Mailing_Lists.
> We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.
>
> _______________________________________________
> You may change your MinGW Account Options or unsubscribe at:
> https://lists.sourceforge.net/lists/listinfo/mingw-users
> Also: mailto:[hidden email]?subject=unsubscribe

Eli Zaretskii

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

> From: Stephen <[hidden email]>
> Date: Sun, 1 Jan 2017 17:01:49 +0000
>
> Eli - I did indeed send a copy of the file to Norton with a suitable
> note. However I can see from searches that over the years this very same
> virus has arisen form others compiling to exe files, and these folk have
> raised a false positive with Norton. Nothing however seems to improve.
> So I was hoping to understand why this is happening to me. Thanks for
> getting back to me, Stephen

You aren't having a virus, that's for sure. If Norton aren't going to
fix this, simply switch to another anti-virus software.

This happened to me (not with Norton), last time a couple of months
ago. I reported that, and the problem was promptly fixed with the
next update of the virus database.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
MinGW-users mailing list
[hidden email]

This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.

_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:[hidden email]?subject=unsubscribe

Emanuel Falkenauer

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

On 01-Jan-17 19:16, Eli Zaretskii wrote:

>> From: Stephen <[hidden email]>
>> Date: Sun, 1 Jan 2017 17:01:49 +0000
>>
>> Eli - I did indeed send a copy of the file to Norton with a suitable
>> note. However I can see from searches that over the years this very same
>> virus has arisen form others compiling to exe files, and these folk have
>> raised a false positive with Norton. Nothing however seems to improve.
>> So I was hoping to understand why this is happening to me. Thanks for
>> getting back to me, Stephen
> You aren't having a virus, that's for sure. If Norton aren't going to
> fix this, simply switch to another anti-virus software.
>
> This happened to me (not with Norton), last time a couple of months
> ago. I reported that, and the problem was promptly fixed with the
> next update of the virus database.

I had those with Avast many times and, indeed, I reported the false
positives... But I guess it's not easy for the AV people to take into
account such reports: after all, a virus maker could report their own
maleware as a false positive in order not to be detected!
Best workaround: declare your own concoctions as exceptions for the AV
not to scan.

Best for 2017 to you all!

> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> MinGW-users mailing list
> [hidden email]
>
> This list observes the Etiquette found at
> http://www.mingw.org/Mailing_Lists.
> We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.
>
> _______________________________________________
> You may change your MinGW Account Options or unsubscribe at:
> https://lists.sourceforge.net/lists/listinfo/mingw-users
> Also: mailto:[hidden email]?subject=unsubscribe
>

Emanuel Falkenauer

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

One more thing: I noticed that the "heuristic detection" of your
"maleware" was actually based on the basis of it being very new and not
used by many - which is of course bound to be the case for EVERY exe you
will produce (and whatever update the AV people produce for their virus
database)!
Only way I see to get rid of those false positives: build all your exe's
into a well-defined single folder (and its subfolders) and declare the
whole folder as an exception not to be scanned by the AV.

On 02-Jan-17 03:27, Emanuel Falkenauer wrote:

> On 01-Jan-17 19:16, Eli Zaretskii wrote:
>>> From: Stephen <[hidden email]>
>>> Date: Sun, 1 Jan 2017 17:01:49 +0000
>>>
>>> Eli - I did indeed send a copy of the file to Norton with a suitable
>>> note. However I can see from searches that over the years this very same
>>> virus has arisen form others compiling to exe files, and these folk have
>>> raised a false positive with Norton. Nothing however seems to improve.
>>> So I was hoping to understand why this is happening to me. Thanks for
>>> getting back to me, Stephen
>> You aren't having a virus, that's for sure. If Norton aren't going to
>> fix this, simply switch to another anti-virus software.
>>
>> This happened to me (not with Norton), last time a couple of months
>> ago. I reported that, and the problem was promptly fixed with the
>> next update of the virus database.
> I had those with Avast many times and, indeed, I reported the false
> positives... But I guess it's not easy for the AV people to take into
> account such reports: after all, a virus maker could report their own
> maleware as a false positive in order not to be detected!
> Best workaround: declare your own concoctions as exceptions for the AV
> not to scan.
>
> Best for 2017 to you all!
>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> MinGW-users mailing list
>> [hidden email]
>>
>> This list observes the Etiquette found at
>> http://www.mingw.org/Mailing_Lists.
>> We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.
>>
>> _______________________________________________
>> You may change your MinGW Account Options or unsubscribe at:
>> https://lists.sourceforge.net/lists/listinfo/mingw-users
>> Also: mailto:[hidden email]?subject=unsubscribe
>>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> MinGW-users mailing list
> [hidden email]
>
> This list observes the Etiquette found at
> http://www.mingw.org/Mailing_Lists.
> We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.
>
> _______________________________________________
> You may change your MinGW Account Options or unsubscribe at:
> https://lists.sourceforge.net/lists/listinfo/mingw-users
> Also: mailto:[hidden email]?subject=unsubscribe
>

Earnie Boyd

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

On 1/1/2017 10:03 PM, Emanuel Falkenauer wrote:
> Only way I see to get rid of those false positives: build all your exe's
> into a well-defined single folder (and its subfolders) and declare the
> whole folder as an exception not to be scanned by the AV.
>

This is the only way to build software with AV software installed.
Eliminate the scan of the work folders. I typically use a USB device
for my builds and declare the whole device to be not scanned. The only
time I would scan it is during a manual scan with manual resolution for
the issues.

--
Earnie

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
MinGW-users mailing list
[hidden email]

This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same. Disregard for the list etiquette may cause your account to be moderated.

_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:[hidden email]?subject=unsubscribe

Stephen

Re: Fwd: Heur.AdvML.B comes up when I build an exe file

Thanks Earnie - I've done this now and all works well.

On 02/01/2017 16:11, Earnie wrote:

> On 1/1/2017 10:03 PM, Emanuel Falkenauer wrote:
>> Only way I see to get rid of those false positives: build all your exe's
>> into a well-defined single folder (and its subfolders) and declare the
>> whole folder as an exception not to be scanned by the AV.
>>
> This is the only way to build software with AV software installed.
> Eliminate the scan of the work folders. I typically use a USB device
> for my builds and declare the whole device to be not scanned. The only
> time I would scan it is during a manual scan with manual resolution for
> the issues.
>