"Heur.AdvML.B has been detected" - is this a false positive?

Hi,

I received this error ("Heur.AdvML.B has been detected") while trying to compile and run a simple C++ console application in Visual Studio 2019 Community edition on Windows 10. The source code for the program is as follows:

(Edit: apparently the include files have been removed from the source code since they were within angle brackets. The includes are windows.h, iostream, and cstdio.)

#include <windows.h>

#include <iostream>
#include <cstdio>

int main()
{
	// Query basic system information for the native architecture
	SYSTEM_INFO si;
	::GetNativeSystemInfo(&si);

	// DWORD fields are unsigned long on Windows, so they are printed with %lu
	printf("Number of Logical Processors: %lu\n", si.dwNumberOfProcessors);
	printf("Page Size: %lu Bytes\n", si.dwPageSize);
	printf("Processor Mask: 0x%p\n", (PVOID) si.dwActiveProcessorMask);
	printf("Minimum process address: 0x%p\n", si.lpMinimumApplicationAddress);
	printf("Maximum process address: 0x%p\n", si.lpMaximumApplicationAddress);

	return 0;
}

This obviously looks like a false positive. What can I do to turn this off, please?

If this is not a false positive, would you like the binary .exe file that has been produced? How do I get it to you?

 

Files being developed are often flagged just because Norton has never seen them before. So sometimes these files include debugging code that can be detected as possible malware.

 

~ don't know if it means anything...my Scan & Real Time is ... D:\Programs ... upper case.


Thanks again for your help. I had tried restarting earlier, but it didn't work.

I think I figured out what the issue was. Norton found the issue the first time and saved that information as a detected threat. I then changed the settings to ignore the D:\Programs folder. But Norton still kept reminding me based on the earlier information, quite likely without doing a fresh scan based on my changed setting. It apparently only seems to take that setting into consideration for future scans.

I renamed the source folder from D:\Programs\Console1 to D:\Programs\Console2. I just now ran a full scan, and there are no more reports. Unless I have made a mistake, the problem shouldn't happen now.

The question of why it detected my original file as malware still remains. It's not just Norton, a bunch of other engines detected it too. See here: https://www.virustotal.com/gui/file/199d8cc116178b0c9b5e0c11514c6a6eb8fb84def59b60343b22a398482afb46 . Probably they are all using the same virus definition and detecting false positives. 

I have asked the question on MSDN regarding this, and have also submitted the file to Norton. I'll wait to see if anything comes out of it.  

Be sure you restart your computer after making the exceptions and before trying to run your projects. Restart, not shut down and start up again, if you have the Windows Fast Startup feature enabled. If you use Windows 8/8.1 or 10, there can be an issue with the Windows Fast Startup feature. See more information here.

Thanks again.

I am clearly doing something wrong - Norton is apparently ignoring my settings to exclude the directory D:\Programs and all its subdirectories from scans, and keeps reporting the error.

I will paste the screens below just to ensure that I am not doing anything silly (which is very much possible!). 

[Screenshots: norton-11.png, norton-21.png, norton-error.png]

The idea is to put all your project files into the Master folder I suggested creating. I take it that you are using the d:/Programs as your master folder. You do want the Include Subfolders option checked to protect everything in d:/Programs. Just be sure that everything required to run your projects is located in the same master folder.

Once you have set up the exclusion, it does not matter what Windows user account you are using. 

Thanks for the reply.

As a developer, you need to create a master folder for all your projects. Then exclude that folder from Both items in the image below. 

I have tried doing this, and even restarted the machine. I have excluded D:\Programs from both scans, and checked the include subfolders option as well. My source code is in D:\Programs\Console1 . 

But the problem still remains - Norton pops up a window telling me about the threat.  For good measure, I tested this with leaving the "Include folders" option unchecked. It still pops up the warning message. What could be wrong?

I am running as an ordinary user on Windows, and only the admin user account allows me to specify the excluded directories. I don't know if this is an issue.

As a developer, you need to create a master folder for all your projects. Then exclude that folder from Both items in the image below.