Delphi and the false positive problem (again, it seems)
I've seen previous posts on Delphi false positives but not a clear answer, and I am getting seriously fed up.
I have an app developed with RAD Studio / Delphi that until recently compiled and ran just fine. Now Norton reports HEUR.ADV.ML.B I have submitted to the false positive reporting and I am told its is clean. My App also reports clean on McAfee (and even an on demand Norton scan says its clean).
My problem is that I am unable to do any code development. As soon as I build the app Norton does an immediate Heuristic scan, declares the App a risk and "clobbers" my .exe file. I can only work by disabling Heurstic scanning but as soon as I revert to a safe mode by reinstating AV my file is again quarantined. It is a small app, it doesn't do a great deal apart from walk a directory tree , open csv files, and some VCL for handling.
So how can I test / debug when Norton keeps quarantining my exe?
Note also that:
1) My PC has had a full scan (including Power Eraser) and no problems are reported.
2) Three other apps I developed build and run without issue.
3) No significant changes were made to the app that used to build and run
4) an earlier archived version that built and ran OK has also "acquired" this problem.
5) VirusTotal reports my App as clean.
I'm confident my App is OK. Because of (3) and (4) I suspect that a recent update has caused this.
So how the hell do I find out what it is that the Heuristic analysis objects to? How do I get around this? I have tried removing chunks of code to try pin down the problem but with no success.
The Norton help desk was not helpful. The agent suggested that I exclude the Dephi directory from the scan. This is not a good solution because it hides temporarily the problem, Norton will clobbers it again as soon as I move the file. Also, I want to share this app with others and they too may use Norton. The help desk agent also suggested I digitally sign the code - well I can hardly do this whilst I'm in an iterative fix / build / test cycle.
Is my only option to change to another vendor's AV product? Without a solution I may have no option.