2

I'm a well-established software company. For more than 30 years, my business has been delivering both hardware and software.

My Windows software is being quarantined by some of my customers' antivirus.

How I handle it, up to now, is that I have been asking Symantec to whitelist every single executable binary I build, but this is a real pain because:

- I don't know in advance which AV provider my customer will use, so I should also tackle this with Kaspersky, MS ...
- The whitelisting request could be denied by the AV provider, leaving my customer unable to use my software unless the customer creates manual exceptions. And many Tier-1 customers will definitely not accept this.
- The whitelisting process is manual and lengthy.

From my understanding, signing the installer/executables would probably help, but with no guarantee.

What is the ideal procedure to gain reputation and be able to deploy installers/executables without them being quarantined? How do new software editors make it possible to deploy their applications without being quarantined?

It's difficult to find a "one-size-fits-all" resource on the Web; all are AV-specific.

SCO

1 Answer

3

Most AV vendors have some form of a "Trusted Software Vendor List". Any binary signed by a vendor on this list automatically gets trusted, so you do not have to beg for each binary to be whitelisted. Symantec had one but cancelled it.

Some AV vendors will adjust their detection score if you simply sign the binary (which is a little scary, in and of itself).

You are correct, there is no one-size-fits-all solution. And there shouldn't be. Think of the opportunities for abuse if there was some kind of central list or a universal way for a new binary to be automatically whitelisted by all products.

If your software performs risky functions, then it is legitimate for AV to protect the system from it.

There might be ways to make your process more efficient, though. You could submit a non-production version of your new binary to VirusTotal and then go through the process for each product (apply for whitelist, submit a "false positive" report, etc.) that pinged on your binary. If you submit a production version, then the hash of that binary might be quarantined faster in the field by your customers.

schroeder
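
The VirusTotal step in the answer above can be scripted. The following is an added example, not part of the original answer: it turns the scan results for a set of pre-release builds into a per-vendor list of false-positive reports to file. It assumes each report has the shape of a VirusTotal API v3 file object (`data.attributes.last_analysis_results`); the file names, engine names and detection names are constructed.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed VirusTotal API v3 file reports for two
# pre-release builds. File names, engine names and detections are made up.
def _report(results):
    return json.dumps({"data": {"attributes": {"last_analysis_results": results}}})

SAMPLE_REPORTS = {
    "setup-rc1.exe": _report({
        "EngineA": {"category": "malicious", "result": "Trojan.Generic.1234"},
        "EngineB": {"category": "undetected", "result": None},
        "EngineC": {"category": "suspicious", "result": "Heur.Packed"},
        "EngineD": {"category": "timeout", "result": None},
    }),
    "agent-rc1.exe": _report({
        "EngineA": {"category": "malicious", "result": "Trojan.Generic.1234"},
        "EngineB": {"category": "harmless", "result": None},
        "EngineC": {"category": "undetected", "result": None},
        "EngineD": {"category": "type-unsupported", "result": None},
    }),
}

FLAGGED = {"malicious", "suspicious"}  # verdicts that need a vendor report
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}

def false_positive_queue(reports):
    """Return ({engine: [(file, category, detection)]}, {file: [engines without a verdict]})."""
    queue = defaultdict(list)
    unscanned = defaultdict(list)
    for filename, raw in sorted(reports.items()):
        results = json.loads(raw)["data"]["attributes"]["last_analysis_results"]
        for engine, verdict in sorted(results.items()):
            category = verdict.get("category")
            if category in FLAGGED:
                queue[engine].append((filename, category, verdict.get("result")))
            elif category in NO_VERDICT:
                # The engine never judged the file, so this is not a clean result.
                unscanned[filename].append(engine)
    return dict(queue), dict(unscanned)

if __name__ == "__main__":
    queue, unscanned = false_positive_queue(SAMPLE_REPORTS)
    # Vendors flagging the most files first: one submission may cover several builds.
    for engine, hits in sorted(queue.items(), key=lambda kv: -len(kv[1])):
        print(f"{engine}: false-positive report needed for {len(hits)} file(s)")
        for filename, category, name in hits:
            print(f"    {filename}: {category} as {name}")
    for filename, engines in unscanned.items():
        print(f"{filename}: no verdict from {', '.join(engines)}")
```

Engines that time out or do not support the file type are listed separately, because a missing verdict says nothing about how that product will treat the binary at a customer site.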