none
MSE is suddenly quarantining my own programs RRS feed

  • Question

  • I write simple vb.net accounting programs solely for my own use; all the programs are contained on my PC, none of them access the web, most of them read and write text files (also on this PC) and display graphs to allow me to track my expenditure and budget ahead.

    Yesterday, while modifying one of these programs, an MSE pop-up appeared up saying 'detected threats are being cleaned'; the MSE History window shows a 'severe' alert for 'Trojan:Win32/Fuerboos.D!d' in the \obj\x86\[].exe file. Since this program (which I had been using for some months) was actually a copy of an older program with some modifications, I simply deleted the whole thing and started again, using the older program as a template.  Without making any modifications, I simply ran the new copy of the old program, and again MSE threw up an alert about the debug .exe file.

    I then found that MSE behaved the same way whenever I loaded any program from this set of tools - the moment I run a program in debug mode, MSE throws a wobbly. I've been using (and modifying) these programs for years, so I don't imagine there is really a threat - I'm guessing they're false positives produced by a recent update in MSE's definitions.

    Has anyone else come across this behaviour? Is there a way I can issue a blanket instruction to MSE not to worry about my Visual Studio files (there are quite a lot of them - I'd like to avoid having to specify all of them them individually)

    I realise this is really an MSE problem rather than a visual studio problem, but I thought someone else here might have experience of it.

    Windows 7 pro, Visual Basic 2010 Express, MSE

    Friday, January 19, 2018 2:11 PM

All replies

  • Hello,

    This is not a programming question but instead it targets the MSE thing so that is where you need to focus on finding help in a none programming forum.

    Similarly when I had something similar happen with my anti-virus utility I went to the help on the utility and found how to exclude folders and that was it. It's not a coding question at all.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Friday, January 19, 2018 2:20 PM
    Moderator
  • Do a search on that virus name.

    It would appear that it is generally detected through heuristics and there have been numerous false-positives reported.  The issue may stem from the fact that you are running old software (OS, VS, MSE) and Security Essentials is using an outdated heuristics engine.

    You can try turning off heuristics in MSE, or upgrading to newer software (Win10, Windows Defender).


    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Friday, January 19, 2018 2:20 PM
    Moderator
  • Me too!

    I've just created my own small database application in Microsoft Visual Basic Express 2010, published it, tested it on another PC (Windows 10), and Windows Defender - on the test PC - came up with exactly the same virus alert.  

    Obviously a false positive, but not sure how to get round it.

    Friday, January 19, 2018 3:56 PM
  • So I guess that suggests that this is a problem with the latest update for MS Defender (I assume MSE uses the same definitions), and it would seem to be independent of the OS version.

    Because my software is all on my machine, I can exclude the project directories from MSE - but it's more difficult for you if you're distributing the app!

    Anyone else getting this?

    Friday, January 19, 2018 4:18 PM
  • So I guess that suggests that this is a problem with the latest update for MS Defender

    Anyone else getting this?

    Looks like it:

    "Windows Defender incorrectly detect all of my compiled programs as virus"
    https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning-windows_10/windows-defender-incorrectly-detect-all-of-my/ac57505b-c735-40e8-b5af-1e6dab135dec

    - Wayne

    Friday, January 19, 2018 5:35 PM
  • I'm reopening this thread as more reports come in.

    I've made an inquiry with Microsoft and am awaiting confirmation of the issue and/or guidance on next steps.

    I will update this thread with any new information.


    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Friday, January 19, 2018 6:12 PM
    Moderator
  • Would each of you with the problem please do the following:

    submit the actual file sample (and not the whole installation package) that is detected by the Microsoft Anti-Malware solutions and mark it as an Incorrect Detection (select option “No this file has been incorrectly detected”). Please make sure you Sign In and provide your email account details when submitting samples in order to ensure submission communication is complete and check your submission history.

     

    You can use our portal submission form when submitting samples for further investigation available here:
    https://www.microsoft.com/en-us/wdsi/filesubmission

     

    Please share the submission ID to us here on thread for further investigation.

    Please post the submission ID here in the forum after submitting and I will forward it back to the team.  Thanks!


    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Friday, January 19, 2018 7:31 PM
    Moderator
  • I've submitted one of my files:

    submission ID: bece9fc3-6f2e-41e9-935b-81370bc1e1d3

    Friday, January 19, 2018 11:41 PM
  • I've submitted one of my files:

    submission ID: bece9fc3-6f2e-41e9-935b-81370bc1e1d3


    Thanks Mike.  I've forwarded this onto the team and will let you know what I hear back.

    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Saturday, January 20, 2018 12:47 AM
    Moderator
  • I've submitted one of my files:

    submission ID: bece9fc3-6f2e-41e9-935b-81370bc1e1d3

    Have you tried submitting it to Virustotal ? They scan the submission with dozens of engines.

    Saturday, January 20, 2018 5:25 AM
  • The submission came back as 'not malware', and after I manually downloaded definitions version 1.261.65.0, MSE no longer flags this file.

    However, MSE is still flagging up threats with some of my other vb.net programs, so for the moment I'm having to exclude several project directories.

    An interesting thing to note is that only the executable files in debug directories get removed. If I simply build the programs, the .exe files in release directories do not get flagged or removed.

    Saturday, January 20, 2018 10:54 AM
  • The submission came back as 'not malware', and after I manually downloaded definitions version 1.261.65.0, MSE no longer flags this file.

    However, MSE is still flagging up threats with some of my other vb.net programs, so for the moment I'm having to exclude several project directories.

    An interesting thing to note is that only the executable files in debug directories get removed. If I simply build the programs, the .exe files in release directories do not get flagged or removed.


    Thanks for the update Mike.  I've added this to the report.  You may be asked to upload some additional examples, I'll let you know if that is the case.  Thanks for your patience and sorry for all of the trouble.

    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Saturday, January 20, 2018 1:45 PM
    Moderator