通过反病毒程序将c#.net程序误判为木马程序 [英] False positive detection of c# .net program by anti-virus as trojan
问题描述
我使用C#.Net开发了一个windows服务,它收集数据并在客户端用户的许可下定期使用自定义API发送到我的服务器。
在用户安装反病毒软件(卡巴斯基)之前它工作正常。它肯定地检测到我的.exes为 PDM:trojan.win32.generic ,抛出隔离区并删除了它的服务,因为我正在使用 HTTPWebRequest 和 HTTPWebResponse 来推送和拉取数据。
我在防病毒软件程序设置和安装的服务中再次列出了排除规则下的白名单和程序目录。因为它现在工作得很好。
但是至于最终解决方案,我想知道我们是否可以在程序本身(以编程方式)解决这个问题。因此,只要安装了我们的程序及其服务,任何防病毒软件都不会将其检测为木马或任何其他类型的病毒。
编辑 - 8月,2015年6月
早先忘记提及在服务.exe它下载它自己的最新的.exe文件更新自己。我不知道这个过程是否会让它看起来像一个木马程序。
你可以申请将你的程序添加到Kasperky 白名单。您可能还想申请卡巴斯基实验室信任徽标。其他反病毒解决方案提供类似的白名单程序,例如赛门铁克。
浏览这些白名单--IMHO - 在这里是正确的方式。如果您的用户信任这些解决方案,您的努力将被列入白名单,即通过这些解决方案标记为可信赖的,应该对您的用户群有很大的帮助。
I have developed a windows service using C#.Net which collects data and send to my server using custom APIs on a regular interval basis with the client user's permission.
It was working fine until the user installed the anti-virus software (Kaspersky). It, false positively, detected my .exes as PDM:trojan.win32.generic, thrown away into quarantine and removed its service because I am doing web requests using HTTPWebRequest and HTTPWebResponse to push and pull data.
As for temporary, I have white listed .exes and program directory under exclusions rules in anti-virus software program settings and installed service once again. As so it is working fine for now.
But as for final solution, I want to know can we fix this within program itself (programmatically). So that any anti-virus software do not detect it as trojan or any other kind of virus as soon as my program and its service get installed.
Edit - 8th, June 2015
Earlier forgotten to mention that within service .exe it downloads its own latest .exe file to update itself. I wonder if this process is making it to appear as a Trojan.
You can apply to have your program added to the Kasperky whitelist. You may also want to apply for the Kaspersky Lab Trusted Logo.
Other anti virus solutions offer similar whitelist programs, Symantec for example.
Going through these whitelists -IMHO- is the proper way here. If your users place their trust in those solutions your making an effort to be whitelisted i.e. labeled as trustworthy by these solutions should go a long way with your user base.
这篇关于通过反病毒程序将c#.net程序误判为木马程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
