How to avoid false positive at Dev-Machines

Hi Community,
some of our colleagues develop in c# and "F-Secure Client Security Premium" (F-Secure Policy Manager) reports "Infektion: Heuristic.HEUR/AGEN.1203560" every time a c# Forms App will be compiled or executed.
A workaround, we use today is a whitelisted folder path for the developing process and a new whitelist filehash after the new app version is compiled and ready to use at production. This process costs every day effort and is not a practical way for the future.
Is there a best practice configuration for this issue?
Answers
-
Hi @Peter_Krahe
I suggest to submit the detection sample so our malware team can investigate further https://www.withsecure.com/en/support/contact-support/submit-a-sample
-
-
Hi James Chang,
do you have any updates or new information for me?
Do you have any questtions about the uploaded sample? -
Hi James Chang,
are here any updates?
Until now, nobody contacted us about the case. -
Hi @Peter_Krahe
We sent you an email on 20th March with the below information:
Our analysis has found that the file you submitted is clean.
Our security products recently had a False Positive related to this file and the issue was then fixed automatically via WithSecure's Security Cloud.
In the event you are still experiencing a detection on this file, please send us a screenshot or scanning report showing the detection details for further investigation.
-
Hello,
What is the average response time from malware lab?
(I have submitted a request through My Support in the WithSecure Partner Portal on 2023-03-20, case number 04944425 but it's status is "New - P3" even today.)
Thanks in advance, Best regards: Tamas Feher, Budapest, Hungary.
-
Hi James Chang,
first Screenshot from "F-Secure Client Security Premium".
And one more from the Policy Manger from another date.
-
Hi @Tacsk0
Thank you for your submission and we apologize for the delay in responding. This ticket(04944425) has been notified to our virus lab to expedite the investigation.
Hi @Peter_Krahe , did you submit the sample here?
We would also encourage you all to "Subscribe to Updates" to get the ongoing MI alert/update for the False Positive Detection here
-
-
Hi @Peter_Krahe
By searching your email, I can see your virus lab ticket in our internal system. Our security products recently had a False Positive related to this file, and the issue was then fixed automatically via WithSecure's Security Cloud.
In the event you are still experiencing a detection on this file, please re-submit the samples with a screenshot or scanning report showing the detection details for further investigation.
-