Topic: WowApp application considered dangerous after certificate update 2019

andrei.dica
Hello happy Avast community, it is that time of the year again!

https://forum.avast.com/index.php?topic=208639
https://forum.avast.com/index.php?topic=221843

I work for wowapp.com, we've developed a messenger called WowApp, which is normally whitelisted for Avast. We've had to update our code-signing certificate and now we are considered a threat. We've had the exact same issue the last 2 times we updated our certificate, as you can see above. Like before, we have not changed anything to break the Avast Clean Guidelines.

So, here I am again, asking you guys for help, hoping the issue can be fixed. The archive uploaded is called "WowApp_Setup.7z".

Image with the alert: https://ibb.co/PQgTsYV

To make things quicker:
@Asyn, yes I have followed the guidelines for whitelisting and app cleanliness :D
@Milos, the file is digitally signed and uploaded to your FTP server, under username ftp_woowteamcom, filename WowApp_Setup.7z

Please let me know if I can help you with more information. Thank you.
« Last Edit: October 03, 2019, 05:57:21 PM by andrei.dica »

Asyn
« Reply #1 on: September 10, 2019, 12:12:58 PM »
Hi, I forwarded it to Avast Whitelisting Team.

VítSU

  • Avast team
« Reply #2 on: September 10, 2019, 01:27:51 PM »
Hello,

we checked your provided file and this app violates our clean guidelines by the following:

- "Minimize on exit" without ability to disable in-app
- No notification about app staying in tray after closing
- Autorun active when app installed without ability to disable in-app (user is able to disable this only AFTER signing in). This should be enabled after user log-in OR user should be able to disable this without logging in (access to settings)

Our resolution is PUP detection.

Best Regards,
Vít Suchánek 
Avast Whitelisting Team - AVAST Software s.r.o.
a: Přízova 7, 602 00 Brno-střed, Czech Republic
s: www.avast.com

andrei.dica
« Reply #3 on: September 10, 2019, 04:30:08 PM »
@Asyn, thank you very much, as always :D

@Vitsu

Ok, this is new. Can you please point me to the specific guidelines that cover what you mentioned? I'm using https://support.avast.com/en-eu/article/Threat-Lab-clean-guideline. I'm asking because this is a first for me, hearing this from somebody from Avast (I need not mention that there has never been an issue with any other antivirus) and, as you saw, this is not the first time I've gone through this process.

We have always been cleared before, with mentions made that the problem was not on our side, and now we're somehow a PUP? It makes no sense.

Returning to the points you mentioned:
1. You can find the option in Tools > Settings > General
2. Windows notifies you of this when you install it, that some programs remain in the taskbar. Neither Skype nor Viber do this and I get no alerts for them.
3. Skype on Win 7 doesn't do this either, yet no alerts for them.

Bottom line is, we can address all of your concerns if you decide they are truly a problem, what I need is the app to stop being considered a threat by your product, when we clearly are not.

Best Regards,


« Last Edit: September 12, 2019, 11:29:19 AM by andrei.dica »

andrei.dica
« Reply #4 on: October 07, 2019, 05:31:06 PM »
Hello again,

Since we last spoke, the builds I submitted were whitelisted (confirmed via email) without any problems and since there were no more replies, I thought this issue had been dealt with. Until now, at least, that was enough: whitelist one build, all others were clear from then on.

But now we find out that all the new builds we make are now considered a threat by Avast, even though the whitelisted builds do not raise any alarms. This is a big problem for us, since users receive updates that they can't install.

I have, again, uploaded a new build for whitelisting, archive name "WowAppBeta_Setup.7z", pass "virus".

Can somebody please provide a clear answer as to what we need to do for this to end? You can't expect us to have to submit and wait for whitelisting every time we create a new build. Why does Avast have so many issues, while all other antiviruses consider us clean without any problems? I was never able to get a clear answer to that question.

Thank you and I eagerly await your answer.
« Last Edit: October 11, 2019, 02:07:36 PM by andrei.dica »

andrei.dica
« Reply #5 on: October 11, 2019, 11:25:13 AM »
bump

Michael (alan1998)

  • Volunteer
« Reply #6 on: October 11, 2019, 07:20:40 PM »
Funny, I could've sworn I had answered this as well as someone from Avast! (more recently).

PUP does not equate to a threat - that's a common misconception. PUP means Potentially Unwanted Program. (I agree it serves no purpose but confusing end users though. Most people see the associated red and think "bad" immediately.)

Comparing Skype to your product is a little bit of a long shot. Skype is a multi-billion dollar product owned by Microsoft.

I will message Vitsu. Avast! is unlikely to remove PUP detection if you haven't addressed their concerns though.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

VítSU

  • Avast team
« Reply #7 on: October 14, 2019, 11:43:59 AM »
Hello,

we check programs individually and if we have a problem with something, we can create a detection and update our clean guidelines. In this case we found issues as I wrote in an older message. Also I tried to check the file which you uploaded, "WowAppBeta_Setup.7z", but I did not find any match in the database. Please upload it again and send us the SHA of the file for a check.

Older version is still classified as a PUP app because of issues already described.

Best Regards,

Vit

andrei.dica
« Reply #8 on: October 17, 2019, 06:00:21 PM »
@Michael (alan1998) Thank you for your help.

@Vitsu

We've added the changes you requested. For each issue in turn:
 1. You can find the option in Login Wizard under Tools and after logging in, you can find it in Tools > Settings > General
 2. Notification now appears when application is first minimized to sys tray.
 3. Autorun can now be disabled in Login Wizard, under Tools.

I have uploaded a new build to your ftp:
Name: WowAppBeta_Setup_Full_17_10_2019.7z
password: virus
SHA of file in archive: 3a151659a068799ef62076a73ee28c7b79f02bb83a069d358764f0912ebd7812

Let's see if things are looking better now, let me know if there's anything more.

Best regards,

Michael (alan1998)

  • Volunteer
« Reply #9 on: October 17, 2019, 09:02:25 PM »
I have drawn VitSU's attention back to the thread. Hopefully you'll hear back in the next day or two. It's late where he is (Czech Republic), so you likely won't get an answer for 12 hours at least.

VítSU

  • Avast team
« Reply #10 on: October 18, 2019, 08:49:16 AM »
Hello,

thank you for your cooperation. This version is clean for us. If you want to avoid our possible detections, please keep uploading files to our whitelisting program and also check our clean guidelines at https://support.avast.com/en-ww/article/228/

Best Regards,

Vit