How to avoid false positives on Dev-Machines

Peter_Krahe
Peter_Krahe W/ Member Posts: 7 Security Scout
edited October 2023 in WithSecure Business Suite

Hi Community,

some of our colleagues develop in C# and "F-Secure Client Security Premium" (F-Secure Policy Manager) reports "Infektion: Heuristic.HEUR/AGEN.1203560" every time a C# Forms app is compiled or executed.

A workaround we use today is a whitelisted folder path for the development process and a new whitelisted file hash after the new app version is compiled and ready to use in production. This process costs effort every day and is not a practical way for the future.

Is there a best practice configuration for this issue?

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi @Peter_Krahe

    I suggest submitting the detection sample so our malware team can investigate further: https://www.withsecure.com/en/support/contact-support/submit-a-sample

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi Jamesch,

    thank you. I uploaded a sample file with reference to this forum thread.

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi James Chang,

    do you have any updates or new information for me?
    Do you have any questions about the uploaded sample?

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi @Peter_Krahe , the case is being handled by our Malware Detection team, and I have pushed them for an update.

    They will reply to you directly from the case itself.

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi James Chang,

    are there any updates?
    Until now, nobody contacted us about the case.

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi @Peter_Krahe

    We sent you an email on 20th March with the below information:

    Our analysis has found that the file you submitted is clean.

    Our security products recently had a False Positive related to this file and the issue was then fixed automatically via WithSecure's Security Cloud.
     

    In the event you are still experiencing a detection on this file, please send us a screenshot or scanning report showing the detection details for further investigation.

  • Tacsk0
    Tacsk0 W/ Member Posts: 4 Security Scout

    Hello,

    What is the average response time from malware lab?

    (I have submitted a request through My Support in the WithSecure Partner Portal on 2023-03-20, case number 04944425, but its status is "New - P3" even today.)

    Thanks in advance, Best regards: Tamas Feher, Budapest, Hungary.

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi James Chang,

    first Screenshot from "F-Secure Client Security Premium".

    And one more from the Policy Manager from another date.

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 205 Moderator
    edited March 2023

    Hi @Tacsk0

    Thank you for your submission and we apologize for the delay in responding. This ticket (04944425) has been notified to our virus lab to expedite the investigation.

    Hi @Peter_Krahe , did you submit the sample here?

    We would also encourage you all to "Subscribe to Updates" to get the ongoing MI alert/update for the False Positive Detection here https://status.withsecure.com/

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi Sethu Laks,

    I submitted the sample on March the 3rd to https://www[.]withsecure[.]com/en/support/contact-support/submit-a-sample

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 205 Moderator

    Hi @Peter_Krahe

    By searching your email, I can see your virus lab ticket in our internal system. Our security products recently had a False Positive related to this file, and the issue was then fixed automatically via WithSecure's Security Cloud.

    In the event you are still experiencing a detection on this file, please re-submit the samples with a screenshot or scanning report showing the detection details for further investigation.

  • Peter_Krahe
    Peter_Krahe W/ Member Posts: 7 Security Scout

    Hi Sethu Laks,

    I can confirm that no more false positives are generated with the affected C# code.

    Thank you

This discussion has been closed.