Author Topic: White Listing Applications on a Certificate Level  (Read 497 times)

0 Members and 1 Guest are viewing this topic.

Offline advoyris

  • Newbie
  • *
  • Posts: 3
White Listing Applications on a Certificate Level
« on: September 04, 2019, 09:07:15 AM »
Hi All,
We have been trying to white-list our installers with no success.
We are A free gaming service for windows called FreeRideGames, Allowing users to download hundred of games to their machine for free.
Due to this we have an installer Executable per game This means hundred of different, All of our installers are digitally signed with our certificate.
Unfortunately since we have renewed our certificate, the cyber capture feature has been deleting our installers from user's machines, After which a notification is received that the file is safe, but the file no longer runs (it was deleted).
We have been aware of the cyberCapture feature for about 3 years now, Every year after our code signing certificate has been renewed we requested and received white listing on our certificate from AVG/Avast support, Unfortunately the live chat with support option is no longer available.
We tried applying for certificate white-listing using the white-listing from, but it appears to be ineffective to this scenario, since it appears that only the provided example file is white-listed and the rest of the description text is ignored thus only a single file is white-listed rather then the entire certificate. it is not reasonable to request white listing for hundreds of individual files, and there appears to be no clear option on how to apply for certificate white-listing.
3 example files:
http://dts1.freeridegames.com/FRG_site/SDM/whitelist/Alice's-Tea-Cup-Madness.exe
http://dts1.freeridegames.com/FRG_site/SDM/whitelist/Amelies-Cafe--Halloween.exe
http://dts1.freeridegames.com/FRG_site/SDM/whitelist/Build-a-lot-2--Town-of-the-Year.exe

Can someone please assist?

Offline VítSU

  • Avast team
  • Newbie
  • *
  • Posts: 5
Re: White Listing Applications on a Certificate Level
« Reply #1 on: September 05, 2019, 12:54:56 PM »
Hello,

your company already have an account in our whitelisting program but your last uploaded file was last year. If you create a new certificate please sent us a digital signed file through FTP server and we will check it.
Your new certificate was classified as a Adware because your provided files violating our clean guidelines:

- Closing player through X button only minimizes it without notification
- No option in-app to disable "minimize on exit"
- Inconsistent app name: EXEtender player, Gplayer, Freeride Games Player. Name should be consistent through processes, digital signature, app name, shortcuts etc.

If you want to avoid our detection, please correct these issues. After that we recommend to you to create a new certificate for clean files because without it we can not promise, that your files will be whitelisted correctly.

Best Regards,
« Last Edit: September 05, 2019, 02:15:52 PM by VítSU »
Vít Suchánek 
Avast Whitelisting Team - AVAST Software s.r.o.
a: Přízova 7, 602 00 Brno-střed, Czech Republic
s: www.avast.com

Offline advoyris

  • Newbie
  • *
  • Posts: 3
Re: White Listing Applications on a Certificate Level
« Reply #2 on: September 08, 2019, 08:14:04 AM »
Thank you for your response,
We appreciate the details into the reasoning of the detection.
I have relayed your notes to our product department and we would begin implementing these changes as soon as possible.
Unfortunately this still does not resolve our issue at this time, Since our files are still being removed by the cyber Capture feature Tough there is no actual detection, After a few minutes a notification arrives stating the files are clean. but they cannot be run anymore only an error is received .
Also, You stated that a new certificate is needed, but we have just renewed our certificates for 2 years, and would not be renewing them, since it is a costly undertaking to renew digital certificates. Can we not white-list our new certificate?
In Previous years we did not have such problems,
Please advice.

Offline VítSU

  • Avast team
  • Newbie
  • *
  • Posts: 5
Re: White Listing Applications on a Certificate Level
« Reply #3 on: September 10, 2019, 01:20:40 PM »
Hello,

we changed status of your files to Adware. So detections are correct.

New certificate is recommended. If you do not want to create a new certificate we will change our statement to neutral on your old certificate. It means, that your new clean files have higher chance to be flagged as FP than files signed by certificate with clean status.

Best Regards,
Vít Suchánek 
Avast Whitelisting Team - AVAST Software s.r.o.
a: Přízova 7, 602 00 Brno-střed, Czech Republic
s: www.avast.com

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11705
    • AVAST Software
Re: White Listing Applications on a Certificate Level
« Reply #4 on: September 10, 2019, 02:07:25 PM »
our files are still being removed by the cyber Capture feature Tough there is no actual detection, After a few minutes a notification arrives stating the files are clean. but they cannot be run anymore only an error is received .

That is not an expected behavior... what error exactly do you get (and when? when started from Explorer?)

Also, You stated that a new certificate is needed, but we have just renewed our certificates for 2 years, and would not be renewing them, since it is a costly undertaking to renew digital certificates. Can we not white-list our new certificate?

That is not possible - whitelisting the certificate would whitelist even the old files (on which there are intentional detections). It's somehow like a leaked certificate - if there's a bad file signed with a certificate, that certificate is bad as well and has to be replaced.

Offline advoyris

  • Newbie
  • *
  • Posts: 3
Re: White Listing Applications on a Certificate Level
« Reply #5 on: September 16, 2019, 03:05:36 PM »
Hi,
The steps to reproduce Cyber Capture behavior goes as follows,
1. Download in edge browser - http://dts1.freeridegames.com/FRG_site/SDM/whitelist/Alice's-Tea-Cup-Madness.exe  - Run the file.
2. Windows UAC message received and accepted.
3. A message received from windows explorer stating that the file has cannot be found.
4. A message appears from Cyber Capture stating that this file is sent for examination.
5. A few minutes later Cyber capture returns a notice that the file is clear, but the file cannot be found anymore.