How to avoid false positive at Dev-Machines

Peter_Krahe

Hi Community,

some of our colleagues develop in c# and "F-Secure Client Security Premium" (F-Secure Policy Manager) reports "Infektion: Heuristic.HEUR/AGEN.1203560" every time a c# Forms App will be compiled or executed.

A workaround, we use today is a whitelisted folder path for the developing process and a new whitelist filehash after the new app version is compiled and ready to use at production. This process costs every day effort and is not a practical way for the future.

Is there a best practice configuration for this issue?

JamesC

Hi @Peter_Krahe

I suggest to submit the detection sample so our malware team can investigate further https://www.withsecure.com/en/support/contact-support/submit-a-sample

Peter_Krahe

Hi Jamesch,

thank you. I uploaded a sample file with reference to this forum thread.

Peter_Krahe

Hi James Chang,

do you have any updates or new information for me?
Do you have any questtions about the uploaded sample?

JamesC

Hi @Peter_Krahe , the case is being handled by our Malware Detection team, and I have pushed them for an update.

They will reply you directly from the case itself.

Peter_Krahe

Hi James Chang,

are here any updates?
Until now, nobody contacted us about the case.

JamesC

Hi @Peter_Krahe

We sent you an email on 20th March with the below information:

Our analysis has found that the file you submitted is clean.

Our security products recently had a False Positive related to this file and the issue was then fixed automatically via WithSecure's Security Cloud.
 

In the event you are still experiencing a detection on this file, please send us a screenshot or scanning report showing the detection details for further investigation.

Tacsk0

Hello,

What is the average response time from malware lab?

(I have submitted a request through My Support in the WithSecure Partner Portal on 2023-03-20, case number 04944425 but it's status is "New - P3" even today.)

Thanks in advance, Best regards: Tamas Feher, Budapest, Hungary.

Peter_Krahe

Hi James Chang,

first Screenshot from "F-Secure Client Security Premium".

And one more from the Policy Manger from another date.

Sethu Laks

Hi @Tacsk0

Thank you for your submission and we apologize for the delay in responding. This ticket(04944425) has been notified to our virus lab to expedite the investigation.

Hi @Peter_Krahe , did you submit the sample here?

We would also encourage you all to "Subscribe to Updates" to get the ongoing MI alert/update for the False Positive Detection here https://status.withsecure.com/

Peter_Krahe

Hi Sethu Laks,

i submitted the Sample at March the 3rd to https://www[.]withsecure[.]com/en/support/contact-support/submit-a-sample

Sethu Laks

Hi @Peter_Krahe

By searching your email, I can see your virus lab ticket in our internal system. Our security products recently had a False Positive related to this file, and the issue was then fixed automatically via WithSecure's Security Cloud.

In the event you are still experiencing a detection on this file, please re-submit the samples with a screenshot or scanning report showing the detection details for further investigation.

Peter_Krahe

Hi Sethu Laks,

i can confirm that no more false-positives are generated with the affected c# code.

Thank you