• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

此论坛帖文需要解决方案。
好评0

Delphi and the false positive problem (again, it seems)

I've seen previous posts on Delphi false positives but not a clear answer, and I am getting seriously fed up.  

I have an app developed with RAD Studio / Delphi that until recently compiled and ran just fine.  Now Norton reports HEUR.ADV.ML.B I have submitted to the false positive reporting and I am told its is clean.  My App also reports clean on McAfee (and even an on demand Norton scan says its clean).

My problem is that I am unable to do any code development.  As soon as I build the app Norton does an immediate Heuristic scan, declares the App a risk and "clobbers" my .exe file.  I can only work by disabling Heurstic scanning but as soon as I revert to a safe mode by reinstating AV my file is again quarantined.  It is a small app, it doesn't do a great deal apart from walk a directory tree , open csv files, and some VCL for handling.

So how can I test / debug when Norton keeps quarantining my exe?  

Note also that:

1) My PC has had a full scan (including Power Eraser) and no problems are reported. 

2) Three other apps I developed build and run without issue.

3) No significant changes were made to the app that used to build and run

4) an earlier archived version that built and ran OK has also "acquired" this problem.

5) VirusTotal reports my App as clean.

I'm confident my App is OK. Because of (3) and (4) I suspect that a recent update has caused this. 

So how the hell do I find out what it is that the Heuristic analysis objects to?  How do I get around this?  I have tried removing chunks of code to try pin down the problem but with no success.

The Norton help desk was not helpful.  The agent suggested that I exclude the Dephi directory from the scan.  This is not a good solution because it hides temporarily the problem,  Norton will clobbers it again as soon as I move the file.  Also, I want to share this app with others and they too may use Norton.  The help desk agent also suggested I digitally sign the code - well I can hardly do this whilst I'm in an iterative fix / build / test cycle.  

Is my only option to change to another vendor's AV product?  Without a solution I may have no option.

回复

好评0

Re: Delphi and the false positive problem (again, it seems)

Hello Pcb

If you are program developer, please create a folder and put all of your development files into that folder. Please put that folder into Settings>Antivirus>Scans and Risks>Exclusions/Low Risks>Items to Exclude From Scans> Configure>Items to Exclude from Auto-Protect, SONAR, and Download Intelligence Detection>Configure.

Backup that folder some place safe in case you have to enter it after updating to a new version of your Norton product..

Do this if you are sure all the files are clean.

That should keep your files from getting deleted or reports of malware.

Please let us know how you make out.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.