Are you sure those system have up to date anti virus definitions?
I just asked Jason to take a look as he uses Sonar and he hasn't had any false positives with it and MMF created EXE files.
Are you sure those system have up to date anti virus definitions?
I just asked Jason to take a look as he uses Sonar and he hasn't had any false positives with it and MMF created EXE files.
For the record, Avast flags mmf created applications as viruses as well.
Jeff,
Norton installs its virus definitions on its own, and I know that the virus definitions were updated at one point just a few minutes before it deleted one of my files. Sounds like Norton's standard stalling line to me.
Steve
I've gathered more detailed information and sent it to Norton with the exe and mfa files, jpg screen shots of the Norton SONAR screens, and a link to the demo version of MMF 2. I've cut and pasted it below. I've attached the files. I'll let you know what I get back.
Your Reply To My Original E-mail is shown below.
I've included the file original exe created using Multimedia Fusion 2 Developer version 253 and screen shots from Norton Sonar in the zip file above. You can get a demo version of Multimedia Fusion from:
http://www.clickteam.com/website/usa/downloads/index/14
The first image, norton1.jpg, illustrates that Norton Sonar is detecting all the files made by Multimedia Fusion as suspicious and deleting them.
This is an automated message. Please, do not reply to this email.
We would like to inform you that your submission has been received successfully by Symantec Security Response and a tracking number has been created for it.
The incident number for your submission is: 2809924
--------------------------------------------------------
Detection occured: APPLICATION
Usign product: UNKNOWN
Type of detection: SONAR
Customer name: Stephen R Hughes (stephenrhughes@comcast.net)
Name of detection given by Symantec product: file was behaving suspiciously
File uploaded:
Virus Total URL:
MD5 or SHA256 from the customer:
Customer's notes:
Norton SONAR is detecting and deleting every exe file made by an
authoring program called Multimedia Fusion 2 Developer. I have
checked these files using several other anti virus programs and they
have found nothing. Norton SONAR is saying that all of the created exe
files are infected including those that were made and not opened 10
years ago. I have also created exe files from other computers and
burned them to a CD and SONAR tries to delete them. I do not believe
that these files are infected. I use this program to create
educational applications for a living and this false positive is
making me feel very insecure about selling my applications. See
www.multimediascience.com for examples.
--------------------------------------------------------
Sincerely,
Symantec Security Response
http://securityresponse.symantec.com
__________________________________
Problem is, MMF2 applications are easy to make into advanced viruses, just because it's easy to make into any advanced program.
I use F-Secure and tell it to ignore all .mfx files during real-time scanning. It doesn't pick up any of the MMF2 programs, hasn't for half a year, it just asks me when they run or access the interwebz whether I want to permit it, every time the app's content is modified.
I'd recommend F-Secure over Norton any day. Pity it isn't free.
I run into Avast complaining about MMF2 applications as well no matter what they are. It constantly asks me if I want to run in sandbox mode.
I'm not sure if this is relative to your situation but I notice that if I have "Compress the runtime" selected I get a lot more virus flags from Norton. (Actually, I don't get any when I deselect that option!) Maybe the way it un-compresses is similar to some virus behavior???
Yeah, I've heard that when compress the runtime is checked, then there are lots of virus scanners that don't like what it does. It extracts the runtime file and runs it in the background, which virus scanners don't like, because that is virus-like behavior.
Well, I unchecked "Compress the runtime" in the sample application.exe / mfa that I sent to Norton. And sure enough, he exe ran fine. Now this might solve the Norton SONAR problem going forward, but it dosn't change the fact that I have hundreds of mfa files that would need to be rebuilt and new installs created, and hundreds of pieces of software already sold, and inventory that now may not work for my customers due to Norton anti-virus. So, I'm still going to pursue this with Norton as far as I can.
But sure appreciated the heads up on the information that you provided.
Steve
I found out about the compressing of the runtime some time ago. My firewall asked me if I wanted to allow strdt.exe to run. This happened the same time I had ran my app I created with MMF. Searched on here and found lots of complaints on the boards here about antiviruses going crazy over it. For your software sold, why couldn't you just create a version of the software where the runtime is not compressed and just tell people it's an update?
If I had a lot of issues with my users reporting antivirus issues then I would make it a point of putting that as part of the FAQs on my website. All you can do is explain to your users what's going on. If they don't listen you can't force them to listen to you.
Posting Permissions
Reply With Quote