
A friend's company just released an application recently, which received a false-positive warning with Norton AV from a client.

He found something on Norton's website that I believe he said was a form, and then he said that after submitting the form he was asked to download some application...?? He said he quickly left the page, but the issue of the false-positive is still there.

I had found a couple of sites that I think will help him, but not sure if they are complete solutions.

First is the Kaspersky Whitelist

http://whitelist.kaspersky.com/whitelist_program

Which mentions

To reduce the risk of a Partner's software being wrongly classified as malicious - known as false positive detections;

To ensure a positive experience for users when they download and use Partner's and Kaspersky Lab software;

Verified compatibility with the actual configurations of antivirus protection offered by Kaspersky Lab;

Reduced risk of false alarms generated by antivirus protection in the event of non-standard behavior of the Partner’s software;

The thing is... Does this work with just Kaspersky Applications, or do other Anti-Virus applications/Whitelists get this information?


Then I found "VirusTotal," which I've heard mentioned in the past on here (I think), but I didn't look into it too much. VirusTotal mentions it scans applications with over "40 different Anti-Virus Applications," but I didn't see a mention of any "Whitelist," so I'm not sure this is a site for whitelisting applications.


So my questions are.

  1. Is there a recommended place for developers to upload their applications, for testing, so that the applications can be added to whitelists for most, if not all AV applications?

  2. Was there anything to worry about by downloading that Norton program? I'm assuming it would ask you to provide the application for testing inside the program, but it's weird to both of us that it would be downloaded to test, and not you uploading the application... I know there are a lot of people who distrust Norton, so I figured I would ask how others feel about this weird situation he was in.

Thanks.

XaolingBao
  • Yes, getting your software signed will help a lot, but the worst case I've had is when the antivirus comes up and tells the user that a program they are running may not be legit but always gives them the option to allow it anyways. – Joe Jan 03 '17 at 19:12

1 Answer

Start off by scanning with VirusTotal (a Google-owned malware database), and see which AV software considers it a threat.

Proceed with contacting all the antivirus companies that flagged your software as a threat in order for them to whitelist your app. The Kaspersky page you mentioned has a registration form link, use it.

Here's Norton's page dedicated to the same purpose.

Keep searching for the relevant pages of each company on Google until you've covered them all.

Scan your app occasionally with VirusTotal to see if there was progress on your applications.

While tedious, it's the best way to my knowledge.

FatSecurity
  • Thank you... So there isn't 1 large whitelist database that is shared upon all of the others? My friend, as well as myself, isn't really interested in Norton's download, nor would I really want to give my code to some of these companies, but if there's a resource that everyone uses... That would be awesome. Sadly... it seems everyone does their own thing. – XaolingBao Sep 19 '16 at 16:35
  • No central resource to my knowledge. Try starting out with the most popular 3 antivirus programs that recognize your app as a threat and see how it progresses – FatSecurity Sep 20 '16 at 08:13
  • From this link http://security.stackexchange.com/questions/96867/kaspersky-lab-malware-faking-how-worried-should-i-be?rq=1 it seems as if VirusTotal is a source for AV Companies, according to @Deer Hunter. Would a digital certificate help at all with making the application more "legit" to these AV programs? – XaolingBao Sep 20 '16 at 16:09
  • The item discussed in that thread is [this one](http://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814). VirusTotal is one of the sources AV companies use to update their virus DB, what Kaspersky *allegedly* did was to slightly modify system files to contain bad code, and add those files to the VT database. They *allegedly* did it to find out if their competitors were simply using their research and according to the results, it seems so. I'm not sure what to say about your cert question, try to contact one of the companies and ask them how you could resolve the issue – FatSecurity Sep 21 '16 at 07:59
  • I was just saying it seemed that VT is used by many AV companies, didn't really matter about the Kaspersky issue, but thanks for that info. I figured asking about a Certificate might help, but I honestly don't think it will, because I would assume malicious code would then be signed, which could be bad if it gave "trusted" status to that malicious code just for having a cert.... – XaolingBao Sep 21 '16 at 15:40
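The scan, contact, rescan loop from the answer above can be tracked with a small script; this is an added example, not part of the original thread. It assumes reports shaped like the `last_analysis_results` object of a VirusTotal API v3 file report; the engine names, detection names and function names are constructed for illustration.

```python
# Constructed reports shaped like a VirusTotal API v3 file object
# (data.attributes.last_analysis_results); engines and names are made up.
def _report(results):
    return {"data": {"attributes": {"last_analysis_results": results}}}

REPORT_BEFORE = _report({
    "EngineA": {"category": "malicious", "result": "Constructed.Gen.1"},
    "EngineB": {"category": "suspicious", "result": "Constructed.Heur.2"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "malicious", "result": "Constructed.Gen.3"},
})
REPORT_AFTER = _report({
    "EngineA": {"category": "undetected", "result": None},   # vendor fixed it
    "EngineB": {"category": "timeout", "result": None},      # no verdict this run
    "EngineC": {"category": "malicious", "result": "Constructed.Gen.4"},
    "EngineD": {"category": "malicious", "result": "Constructed.Gen.3"},
})

FLAGGED = {"malicious", "suspicious"}   # verdicts worth a false-positive report
CLEAN = {"undetected", "harmless"}      # verdicts that count as resolved

def _results(report):
    """Return the per-engine verdict dict, or {} if the report lacks one."""
    return report.get("data", {}).get("attributes", {}).get("last_analysis_results") or {}

def flagged_engines(report):
    """Map each engine that flags the file to its detection name."""
    return {engine: verdict.get("result") or "unnamed detection"
            for engine, verdict in _results(report).items()
            if verdict.get("category") in FLAGGED}

def progress(before, after):
    """Compare two scans of the same file and sort engines by outcome."""
    old, new = flagged_engines(before), flagged_engines(after)
    later = _results(after)
    # Only an explicit clean verdict counts as cleared; an engine that timed
    # out or is absent from the later scan has not retracted its detection.
    cleared = {e for e in old if later.get(e, {}).get("category") in CLEAN}
    return {
        "cleared": sorted(cleared),
        "still_flagged": sorted(old.keys() & new.keys()),
        "newly_flagged": sorted(new.keys() - old.keys()),
        "no_verdict": sorted(old.keys() - new.keys() - cleared),
    }

if __name__ == "__main__":
    print("Vendors to contact:", flagged_engines(REPORT_BEFORE))
    print("Progress since last scan:", progress(REPORT_BEFORE, REPORT_AFTER))
```

The `still_flagged` and `newly_flagged` lists are the vendors whose false-positive submission pages still need a visit; `no_verdict` engines should be rechecked on the next scan rather than assumed resolved.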