Microsoft security Essentials误报我的autoupdate模块 [英] Microsoft security Essentials false positive for my autoupdate module
问题描述
我正在开发FastestTube(Youtube)所有主流浏览器,包括IE浏览器。
目前Microsoft Securite Essentials(MSE)开始检测我们的FastestTube for IE安装程序作为威胁TrojanDownloader:Win32 / Putabmow.B,它看起来像一个假阳性检测
。
我通过相应的表格提交了样本并得到答案,我们的安装程序被检测到,因为官方标准的以下段落: http://www.microsoft.com/ security / portal / mmpc / shared / ObjectiveCriteria.aspx
>
>不需要的行为:安装和删除:捆绑或下载Microsoft反恶意软件定义库中分类的其他不需要的软件。
>
经过一些调查,我可以得出结论,问题出在我们的更新模块wombat_updater.exe中。这个自动更新模块安装了
FastestTube,并在卸载FastestTube时卸载。安装时,wombat_updater在任务调度程序中注册任务并定期检查我的服务器上的新版本FastestTube。当新版本可用时,它将被下载
并安装,以便为用户提供最后的修复和功能。由于FastestTube的事实应该经常与Youtube和Youtube集成更改,自动更新功能对用户非常重要。
Wombat_updater是在带有ATL的MS VC ++(VS2010)上编写的,没有任何第三方库。
所以,qustion是:我怎样才能实现自动更新功能,而不是害怕它会被MSE检测为病毒?是否完全禁止这样的自动更新功能
通过MSE(但在这种情况下,谷歌更新程序是如何工作的?)或者是否有一些规则/指南这些更新者应如何与系统和用户一起工作/交互?或者任何人都可以建议如何消除当前$的误报b $ b实现?
PS我已经在answers.microsoft.com上的Security Essentials论坛上询问了这个问题,但只是建议在MSDN论坛上问这个问题。
Hi Kwizzu,
您的程序也提供了一种清晰明了的安装,卸载方式,或禁用它?
请检查此主题是否有帮助:
自动c我正在申请新版本的应用程序
祝你好运,
I am developing FastestTube (Youtube downloader tool) for all major browsers, including IE.
For now Microsoft Securite Essentials (MSE) start to detect our FastestTube for IE installer as the threat TrojanDownloader:Win32/Putabmow.B and it looks like a false positive detection.
I submitted the sample via the corresponding form and got answer, that our installer is detected because of the following paragraph of the official criteria: http://www.microsoft.com/security/portal/mmpc/shared/ObjectiveCriteria.aspx
>
> Unwanted behaviors: installation and removal: Bundle or download other unwanted software classified in the Microsoft antimalware definition library.
>
After some investigation I can conclude that the problem is in our update module called wombat_updater.exe. This autoupdate module being installed with the FastestTube and is uninstalled when FastestTube is uninstalled. While installed, wombat_updater registers the task in task scheduler and periodically checks the new version of FastestTube on my server. When the new version is available, it will be downloaded and installed to give user the last fixes and features. Due to the fact that FastestTube should integrate with Youtube and Youtube changes often, the autoupdate feature is very important for the users.Wombat_updater is written on MS VC++ (VS2010) with ATL and without any third-party libraries.
So, the qustion is: how can I implement auto-update feature and not to afraid that it will be detected be MSE as a virus? Is the such auto-update features are completely prohibited by MSE (but in this case how Google updater works, for example?) or are there some rules/guides how such updaters should work/interact with the system and user? Or can anybody suggest how to remove the false positive for our current implementation?
P.S. I already asked about this on the Security Essentials forum on answers.microsoft.com, but got only suggestion to ask the same here on MSDN forums.解决方案Hi Kwizzu,
So does your program provides a clear and straightforward way for you to install, uninstall, or disable it?
Please check this thread if it helps: Automatically checking for a new version of my application
Best regards,
这篇关于Microsoft security Essentials误报我的autoupdate模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
