How to avoid false positive at Dev-Machines
Hi Community,
some of our colleagues develop in c# and "F-Secure Client Security Premium" (F-Secure Policy Manager) reports "Infektion: Heuristic.HEUR/AGEN.1203560" every time a c# Forms App will be compiled or executed.
A workaround, we use today is a whitelisted folder path for the developing process and a new whitelist filehash after the new app version is compiled and ready to use at production. This process costs every day effort and is not a practical way for the future.
Is there a best practice configuration for this issue?
Answers
-
Hi @Peter_Krahe
I suggest to submit the detection sample so our malware team can investigate further https://www.withsecure.com/en/support/contact-support/submit-a-sample
0 -
Hi Jamesch,
thank you. I uploaded a sample file with reference to this forum thread.
0 -
Hi James Chang,
do you have any updates or new information for me?
Do you have any questtions about the uploaded sample?0 -
Hi @Peter_Krahe , the case is being handled by our Malware Detection team, and I have pushed them for an update.
They will reply you directly from the case itself.
0 -
Hi James Chang,
are here any updates?
Until now, nobody contacted us about the case.0 -
Hi @Peter_Krahe
We sent you an email on 20th March with the below information:
Our analysis has found that the file you submitted is clean.
Our security products recently had a False Positive related to this file and the issue was then fixed automatically via WithSecure's Security Cloud.
In the event you are still experiencing a detection on this file, please send us a screenshot or scanning report showing the detection details for further investigation.
0 -
Hello,
What is the average response time from malware lab?
(I have submitted a request through My Support in the WithSecure Partner Portal on 2023-03-20, case number 04944425 but it's status is "New - P3" even today.)
Thanks in advance, Best regards: Tamas Feher, Budapest, Hungary.
0 -
Hi James Chang,
first Screenshot from "F-Secure Client Security Premium".
And one more from the Policy Manger from another date.
0 -
Hi @Tacsk0
Thank you for your submission and we apologize for the delay in responding. This ticket(04944425) has been notified to our virus lab to expedite the investigation.
Hi @Peter_Krahe , did you submit the sample here?
We would also encourage you all to "Subscribe to Updates" to get the ongoing MI alert/update for the False Positive Detection here
0 -
Hi Sethu Laks,
i submitted the Sample at March the 3rd to https://www[.]withsecure[.]com/en/support/contact-support/submit-a-sample
1 -
Hi @Peter_Krahe
By searching your email, I can see your virus lab ticket in our internal system. Our security products recently had a False Positive related to this file, and the issue was then fixed automatically via WithSecure's Security Cloud.
In the event you are still experiencing a detection on this file, please re-submit the samples with a screenshot or scanning report showing the detection details for further investigation.
0 -
Hi Sethu Laks,
i can confirm that no more false-positives are generated with the affected c# code.
Thank you
1
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support