Author Topic: My software is always a victim of false positives  (Read 10363 times)

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: My software is always a victim of false positives
« Reply #30 on: March 14, 2017, 09:04:51 PM »
Hi Renato,
Unfortunately, digsig is not a silver bullet. What sometimes happens is that digital signatures get stolen (or the original issuer starts signing pup/adware/malware as well as clean files), so we cannot trust them all the way. That being said, they are still a very strong indicator that the signed files are not malicious.

REDACTED

  • Guest
Re: My software is always a victim of false positives
« Reply #31 on: March 16, 2017, 01:12:50 PM »
> That being said, they are still a very strong indicator that the signed files are not malicious.

So is it possible that Avast recognizes my digsigned app as non-malicious and stops bothering me? Or is the best case that I may sign my app in vain?
What I mean is that I'm worried about the possibility of spending money (signature, developers, support) trying to solve a problem, and in the end finding out that it was not solved.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: My software is always a victim of false positives
« Reply #32 on: March 16, 2017, 01:21:26 PM »
I cannot promise you anything - digitally signed files are not "magically considered clean for ever without any exception". What I am saying is that digsig helps with preventing false positives greatly.
Also, I think that if your PE files are to be used by more than 10 people, digitally signing them is considered best practice anyway.

REDACTED

  • Guest
Re: My software is always a victim of false positives
« Reply #33 on: March 17, 2017, 01:12:47 PM »
At first, I'd like to thank you for all your support.
I think, based on all that was written before, that the best solution (but not the perfect one) is to digitally sign our files AND our webservice. With those actions we may greatly reduce those detections from Avast.
But new information was introduced yesterday by one of our support team members. He disabled Avast CyberCapture, and all the problems stopped. I don't even know if this is a real solution, or if CyberCapture is the "villain", but the fact is that, with it disabled, the false positives stopped. I also understand that this cannot be the definitive solution, because I'm allowing real unknown malware to go undetected too, but until we find a better solution, we are disabling CyberCapture on our customers' computers. If you have any information you think is relevant to this subject, please let me know.
As I told you before, I'll suggest that our team take those two actions: sign our files, and secure our webservice with SSL. As soon as possible I'll tell you the result of those actions.
Thank you all once again.
« Last Edit: March 17, 2017, 01:15:54 PM by renatodasilva »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: My software is always a victim of false positives
« Reply #34 on: March 17, 2017, 01:26:48 PM »
> I think, based on all that was written before, that the best solution (but not the perfect one) is to digitally sign our files AND our webservice. With those actions we may greatly reduce those detections from Avast.

Digsig files = way to go, will help with false positives.
SSL on your domain = way to go, but (as I said earlier) it will probably not help with false positives at all.

> But new information was introduced yesterday by one of our support team members. He disabled Avast CyberCapture, and all the problems stopped. I don't even know if this is a real solution, or if CyberCapture is the "villain", but the fact is that, with it disabled, the false positives stopped. I also understand that this cannot be the definitive solution, because I'm allowing real unknown malware to go undetected too, but until we find a better solution, we are disabling CyberCapture on our customers' computers. If you have any information you think is relevant to this subject, please let me know.

This doesn't make any sense. CyberCapture only acts as one of the shields. A user, without risking being infected, might opt to send the file to us for analysis, then after we are done, we send back the result. The fact that you disable CC only means that you leave the user unprotected from other threats, but should not help with false positives, as we use the same algorithms to decide if the file is malicious or not for all files, no matter if they went through CC or not. I would say this (not getting FP on the file when CC was disabled) was pure luck, and I do not see any reasonable reason why it would help.

Also, I already said (Feb 15th) that I added isaerp.com.br to clean CC class, which means all files downloaded from this domain should be classified as clean (unless there are other indicators indicating otherwise). If you have a file that is detected by CC, post its sha256 here and I will take a look at it.

REDACTED

  • Guest
Re: My software is always a victim of false positives
« Reply #35 on: March 17, 2017, 07:51:28 PM »
Well, I searched for some information about CyberCapture before writing you that last post. It didn't make sense to me either. That is why I wrote that, to be sure I was not crazy. So, for now, let's discard the possibility of CyberCapture being the "bad guy".
I'll keep to my first speech: I'll digitally sign my files.
After this, I'll tell you the results, OK?
Thank you again for all the support and patience.
Best Regards.
« Last Edit: March 17, 2017, 07:53:32 PM by renatodasilva »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: My software is always a victim of false positives
« Reply #36 on: March 20, 2017, 07:41:53 AM »
Cool! Let me know your digsig hash when you are done signing the files (or send me one of the files that are signed) and I will make sure to add it to cleanset.
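
The two things this thread asks a developer to have ready for a false-positive report are the file's SHA-256 and a PE file that really carries an embedded signature. The sketch below is an added example, not code from the forum participants or from Avast; `inspect_pe` and `build_sample` are hypothetical names and the sample header is constructed. It only reports that a certificate table is attached to the PE and does not validate the signature or its certificate chain.

```python
import hashlib
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def inspect_pe(data: bytes) -> dict:
    """SHA-256 of the file plus whether a PE certificate table is attached."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "is_pe": False, "has_signature": False, "cert_table": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return report
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    opt = pe_off + 24                                     # PE signature + COFF header
    if opt + 2 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return report
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)    # PE32 / PE32+
    if dirs == opt or dirs > len(data):
        return report
    report["is_pe"] = True
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    entry = dirs + 8 * SECURITY_DIR
    if count <= SECURITY_DIR or entry + 8 > len(data):
        return report
    # For this directory the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, entry)
    report["cert_table"] = (offset, size)
    report["has_signature"] = size > 0 and 0 < offset <= len(data) - size
    return report

def build_sample(signed: bool) -> bytes:
    """Constructed PE32+ header skeleton (not a runnable program), demo input only."""
    pe_off = 0x40
    image = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", pe_off))
    image += b"PE\0\0" + bytes(20)
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    image += opt
    if signed:
        blob = bytes(16)  # stand-in for a WIN_CERTIFICATE structure
        struct.pack_into("<II", image, pe_off + 24 + 112 + 8 * SECURITY_DIR, len(image), len(blob))
        image += blob
    return bytes(image)

if __name__ == "__main__":
    # With paths: inspect those files; without: run on the constructed samples.
    inputs = [open(p, "rb").read() for p in sys.argv[1:]] or [build_sample(True), build_sample(False)]
    for blob in inputs:
        print(inspect_pe(blob))
```

Running it over every binary in a release before publishing catches the case where one file in the installer was left unsigned.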