This must have happened with a fairly recent definition update as I did not have it a week ago (I’m not sure when I last opened this software but it couldn’t have been more than a week). A piece of software I wrote was flagged as a virus and blocked the second I compiled it to run it. I then went to open an older build of it (I was already in visual studio originally so building and launching was more convenient) it also found that to be a virus.
Like I said I wrote the code myself so I know it is not a virus. It goes on the local network, lists some configuration files to you (XML files with a custom extension), lets you pick one and edit it. Perhaps the weirdest part though is that this program has very little code in and of itself. It works by loading a running a Form in a DLL (a referenced project in Visual Studio that’s built to a DLL). Other programs that use this DLL (but start from a form within themselves) do not have an issue. The entire code of the exe can be placed here:
using System;
using System.Collections.Generic;
using System.Windows.Forms;
using ATE.GUI.Dialogs;
using ATE.Configuration;
namespace ATE_Results_Loader
{
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new ATE.GUI.DataViewerForm());
}
}
}
ATE.GUI.DataViewerForm is within the DLL (which does not report as suspicious)
Interesting. Uploading the file there indicates no virus (even from avast). I then decided to use the “Scan with avast” option in the right click menu. This also does not report a problem. But when I goto run it (from a Microsoft ClickOnce installation if that’s relevant) I still get this message and the file is removed:
While I can add my bin folder to the exclusion list that does not work for the click once deployment. Each update leaves the old version intact and creates a new folder with the updated version (all buried in AppData). So the only solution would be to exclude all click once applications (not something I’m trying to do from a security standpoint). It as also not acceptable from a design standpoint to make my users modify their antivirus settings to run my program. I’m working on my personal machine but this software internal for a business (and I’m not the only one use uses their personal machine that has Avast on it to work).
Is there anyway to figure out what is causing my program to appear suspicious and prevent/undo it?