Just for the record, a user has had our EWriter exe file deleted by "Check Point Endpoint Security", which said it "was found infected". I uploaded the same file (54MB) to VirusTotal and it reported zero detections out of 66 AV products, one of which happens to be "Zone Alarm by Check Point'.
Later: Check Point have a UK toll-free support number which I called to ask why they do not show any means of reporting false positives on their website. For our own software, when this (very occasionally) happens it is usually simple to get a file whitelisted by one of the major AV players. If you want to try getting EWriter whitelisted, the answer is that Check Point tech support (in the USA) do not know how to get something whitelisted, the manager, who 'might know' does not respond when they ask (and I wait), and they cannot open a ticket to get me a response because I am not a customer. I hope this helps!
AV false positive
Moderators: Alexander Halser, Tim Green
- Tim Green
- Site Admin
- Posts: 23181
- Joined: Mon Jun 24, 2002 9:11 am
- Location: Bruehl, Germany
- Contact:
Re: AV false positive
Hi Tim,
Thanks for reporting this and the additional information by email. If you don't have some important reason for using integrated EXE books with the book and the viewer in the same file this is yet another excellent reason for using the new standalone viewers. In addition to easier distribution of updates (you just need to distribute the data-only books instead of an EXE file) the likelihood of this kind of false positive situation is much lower. The AV programs aren't going to care that part of the combined EXE is data only. They are checking the whole thing and the changing data in your book portion will have a higher chance of generating false positives than the static and known standalone viewer.
Thanks for reporting this and the additional information by email. If you don't have some important reason for using integrated EXE books with the book and the viewer in the same file this is yet another excellent reason for using the new standalone viewers. In addition to easier distribution of updates (you just need to distribute the data-only books instead of an EXE file) the likelihood of this kind of false positive situation is much lower. The AV programs aren't going to care that part of the combined EXE is data only. They are checking the whole thing and the changing data in your book portion will have a higher chance of generating false positives than the static and known standalone viewer.
Regards,
Tim (EC Software Documentation & User Support)
Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Tim (EC Software Documentation & User Support)
Private support:
Please do not email or PM me with private support requests -- post to the forum directly.