topic debug executables flagged as malware? in LabWindows/CVI

debug executables flagged as malware?

ElectroLund — Thu, 19 Sep 2019 18:42:39 GMT

My company uses Symantec anti virus and this morning I was greeted with a bunch of my debug EXEs being flagged. Is there anything I should know about here? I doubt these are actually suspect files; most are from the example projects.

Re: debug executables flagged as malware?

Ian.W — Thu, 19 Sep 2019 19:41:49 GMT

I use virustotal.com to check files and URLs with dozens of AV engines in one shot. Though it does not get those positives removed from your Symantec filter, it could help convince them that their engine is creating false positives.

Re: debug executables flagged as malware?

kjellor — Tue, 05 Nov 2019 11:47:26 GMT

Hi, did you get any feedback from NI on this one?

Re: debug executables flagged as malware?

ElectroLund — Tue, 05 Nov 2019 13:48:42 GMT

No, I'm waiting on reply from my corporate IT.

Re: debug executables flagged as malware?

vix — Thu, 07 Nov 2019 12:36:00 GMT

The same issue sometimes happens with TrendMicro WorryFree Business Security used in my company.

The false positive are usually fixed in a couple of days by TrendMicro, but I must reinstall the software previously deleted

This happens both with CVI and LabVIEW applications.

Re: debug executables flagged as malware?

gdargaud — Wed, 11 Dec 2019 09:10:38 GMT

They probably flag everything not present in their database as malware ! And charge you for it.

Re: debug executables flagged as malware?

tombom — Mon, 10 Jan 2022 09:55:53 GMT

Hi All,

I'm using LabWindows 2020 and Windows 10.

It seems that I get a similar error with the McAfee virus scanner:

The application consists of a single UIR with two command buttons ( a "Quit" and an "Inc A" button, which increments a variable A each time when the button is pressed. The application is cleaned, as the debug-exe obviously tries to connect to some cloud service. It is cleaned from the system and deleted.

The examples, however, seem to work without any problems.

Has anybody an idea how to fix this?

McAfee only gives me the option to disable the specific thread function. This might no be a good idea.

The project "IncA" is attached as zip file.

Best regards

Re: debug executables flagged as malware?

tombom — Mon, 10 Jan 2022 10:48:28 GMT

Hi All,

at least for McAfee I possibly found a solution:

One needs to uncheck the Option "clean, if the recommended threshold is exceeded".

I do not know, if it is wise to do so, but at least I can debug the program.

Adidtionally, if I do not uncheck this option, the files created as "release" exe files are also not executed.

Re: debug executables flagged as malware?

mlh5953 — Mon, 10 Jan 2022 20:59:54 GMT

I had a similar problem using Avast.

I was able to remedy the problem by 'signing' my application.

I added a digital certificate I created, and no more problem.

Had to do the same thing with the distribution package.

Re: debug executables flagged as malware?

holly7787 — Tue, 06 Feb 2024 15:33:30 GMT

@mlh5953 ha scritto:

I added a digital certificate I created, and no more problem.

Hello, I've got this malware problem too but not on every application... how did you create your own certificate?

thanks

Re: debug executables flagged as malware?

mlh5953 — Tue, 06 Feb 2024 15:45:07 GMT

@holly7787: I used an older version of Acrobat Reader to create one.

Unfortunately the new version doesn't seem to include it.

Re: debug executables flagged as malware?

holly7787 — Tue, 06 Feb 2024 16:23:31 GMT

Maybe this will be useful, i've followed this guide from stackoverflow:

Microsoft recommends using the PowerShell Cmdlet New-SelfSignedCertificate.

Generate the key:
New-SelfSignedCertificate -DnsName email@yourdomain.com -Type CodeSigning -CertStoreLocation cert:\CurrentUser\My
Export the certificate without the private key:
Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0] -FilePath code_signing.crt
The [0] will make this work for cases when you have more than one certificate... Obviously make the index match the certificate you want to use... or use a way to filtrate (by thumprint or issuer).
Import it as Trusted Publisher
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\TrustedPublisher
Import it as a Root certificate authority.
Import-Certificate -FilePath .\code_signing.crt -Cert Cert:\CurrentUser\Root
Sign the script (assuming here it's named script.ps1, fix the path accordingly).
Set-AuthenticodeSignature .\script.ps1 -Certificate (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)

Obviously once you have setup the key, you can simply sign any other scripts with it.

in CVI i open "Build" -> "Target Settings..." -> "Signing Info..." and selected the new certificate

Re: debug executables flagged as malware?

rolfk — Thu, 08 Feb 2024 07:35:04 GMT

Many of those virus scanners are similar to a virus too. And often a real resource hog too. Real viruses usually try to be mean and lean as it reduces the risk of detection but that’s about all the difference there is. 😀

Re: debug executables flagged as malware?

RobertoBozzolo — Mon, 12 Feb 2024 08:38:17 GMT

Several anti virus program work also on the reputation of the executables, and since our programs are normally working only in one or a few instances they are flagged as "possibly malicious" due to the reduce number of installations.

This is particularly annoying when developing an application, since the debug executable the IDE creates when executing the program is different every time and every time I have my antivirus complaining about it! 🙄

Re: debug executables flagged as malware?

rolfk — Wed, 14 Feb 2024 08:47:43 GMT

Signing your executable definitely should increase its reputation score significantly and hopefully high enough that those virus scare programs don't complain anymore.