Author Topic: 'You've discovered a very rare file. This file might be dangerous' of our app. (Read 2113 times)

Vladislav K · « **on:** March 27, 2019, 10:44:42 AM »

Hello,
I'm working on application development for private companies use.
A user can download an executable from our site. Moreover, before download, we update resources and then sign resulting binary. So each user gets quite changed program.
The problem is that users get a warning I wrote in the subject. And to install they should click 'More', 'I trust...' which is not convenient for them.
I've read this topic https://forum.avast.com/index.php?topic=205767.0.
As I understand signing doesn't help, only a larger user base or manual submitting to the false-positive form of each new build. And I'm not sure if this helps because of updating binary for each download.

Is there a solution for this issue or a way to configure the Avast in a local network to trust our application?

Here is virustotal report https://www.virustotal.com/gui/file/f0f3f569614bf9965c95e345eb25dc9b0c3bc0f6b1c6ab36b6822c5c0b5c606c/detection

Asyn · « **Reply #1 on:** March 27, 2019, 10:54:43 AM »

As you're a developer, read here...

-> https://support.avast.com/article/229/
-> https://support.avast.com/article/228/

Vladislav K · « **Reply #2 on:** March 27, 2019, 11:07:13 AM »

Quote

Vendors who sign their applications with digital signatures can apply for whitelisting via their digital signature. This type of whitelisting is provided to a limited number of digital signatures, and only if the software developer has a clean track record.

So we should wait for a clean track record and then apply for whitelisting via digital signature?

Asyn · « **Reply #3 on:** March 27, 2019, 02:13:52 PM »

Quote from: Vladislav K on March 27, 2019, 11:07:13 AM

So we should wait for a clean track record and then apply for whitelisting via digital signature?

If you don't have a clean track record, you probably won't get approved.

Vladislav K · « **Reply #4 on:** March 27, 2019, 02:35:41 PM »

Ok, so we can't do anything but wait.
Thanks.

Vladislav K · « **Reply #5 on:** March 27, 2019, 02:44:57 PM »

Also, forgot to ask.
If we upload the app to the Avast Threat Labs to mark it as safe. But we patch the application resources (some configs) before download, will it still be counted by Avast as the old app we uploaded before? Or it's treated as a new one?

Asyn · « **Reply #6 on:** March 27, 2019, 02:56:55 PM »

Quote from: Vladislav K on March 27, 2019, 02:35:41 PM

Ok, so we can't do anything but wait.
Thanks.

You're welcome. Everything else needs to be answered from Threat Lab.

igor · « **Reply #7 on:** March 27, 2019, 05:03:25 PM »

A modified file is a different file, so I'm afraid there's no point in whitelisting it (well, unless some actual detection is reported - as a false positive).
I'd say the only way is the digital signature.

Author Topic: 'You've discovered a very rare file. This file might be dangerous' of our app. (Read 2113 times)

Vladislav K

'You've discovered a very rare file. This file might be dangerous' of our app.

Asyn

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

Vladislav K

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

Asyn

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

Vladislav K

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

Vladislav K

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

Asyn

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.

igor

Re: 'You've discovered a very rare file. This file might be dangerous' of our app.