It was the telephone conversation that every custom software development business dreads:

"I'm running the installer from your latest update and my anti-virus software is telling me that it is infected with a virus!"

As a company developing custom business software, we are in a position of great trust when we produce software to install on our clients' PCs and servers. In fact, we use anti-virus and anti-malware products from four different vendors to maximise protection throughout our company network, so I was confident that we had not shipped infected software.

Back to the conversation...

Whilst we could have suggested temporarily disabling the anti-virus software or setting up an exception so that it would ignore our software and its installer, that really wasn't a viable option or something I would want to do. So we agreed a plan of action with our client.

A quick return to our testing lab enabled us to fire up a new test PC image, install a copy of the anti-virus reporting the problem (in this case AVG) and reproduce the reported problem. Needless to say, all of our other anti-virus products were quite happy with our software.

What to do with our false positive?

Theoretically we could contact the anti-virus vendor, supply a copy of our files and ask them to change their scan signatures to fix the false positive but, in reality, this wasn't a practical option. A quick trawl of the internet revealed that false positives are a common problem and major anti-virus vendors are not keen to accommodate a piece of custom software that may only be installed on a few PCs. So what were our options?

Rebuild & Test

As there was a facet of the executable file that seemed to be confusing the anti-virus, our next step was to rebuild our solution with varying compiler options and retest. Fortunately, an acceptable solution was soon found: simply recompiling the executable with optimisations switched off produced a program that the anti-virus found acceptable. (In Visual Studio 2010 this simply meant unticking the "Enable Optimizations" setting under "Advanced Compiler Options...".)

As, in our case, compiling without optimisation caused no adverse effects in the finished program, we were able to ship the update, which our client then installed without any problems.


Lesson learnt - when trying to resolve an anti-virus false positive, don't forget to experiment with the compiler options.