Our company software is being wrongly detected as malware again this year. It was cleared last year. It is code signed. HELP!

Anonymous
2024-10-15T18:43:24+00:00

Last year our software got wrongly flagged as malware but was later cleared. We got an EV certificate and code signed our software.
Now, a year later, we are getting our installer wrongly flagged again as malware. I sent our files again to Microsoft to be removed from their detection lists. But so far the analyst says it IS malware, which it is not. We have been 20 years in the business of providing a desktop application software as a service.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


7 answers

  1. Rob Koch 25,885 Reputation points Volunteer Moderator
    2024-10-23T18:04:29+00:00

    Thank you. I deleted an executable from our software that was like a failsafe that users used when they forgot to set up the sending of data to the server in real time; they could use that file at the end of their task to send all the info together in the background... This file was the one flagged, and I removed it from our application since Microsoft did not want to remove the malware label from it. This file had been used for 18 years by thousands of users...

    Laura,

    I was about to ask if the Microsoft response had included anything more about what specifically caused them to class your software as malware, but your last post details that perfectly.

    I was also going to ask if you'd tried uploading the questioned file to VirusTotal to see whether other security apps might also identify your file as malware, as well as possibly learn what is causing them to mark it as such.

    However, based on your most recent description of the file's purpose, my first guess would be that some malicious actors have learned how to use that file to redirect the upload of files to their own servers, meaning they can somehow abuse a once trusted executable file containing a certificate as part of a malicious campaign to steal data from user devices.

    Unfortunately, this type of abuse of trusted files and apps is relatively common and often results in exactly this sort of tagging as malware, even though the original intention of the file's purpose and those creating it was not malicious in any way. What this means is that you must confirm that any such app is both hard coded with the server's upload address and/or that it's not possible for malicious actors to modify how the file operates in order to abuse it.

    I'm guessing that the server in question may not be a single target and thus requires some form of variable input, which if it can be manipulated is precisely the type of problem which would likely be abused. Hopefully that helps you at least understand the true problem and why what to the casual observer might seem a benign file and purpose suddenly becomes an integral part of potentially many malicious 3rd-party data exfiltration operations.

    The moral of the story? You need to think like a malicious actor when creating and testing apps nowadays, or they'll end up abusing your app and taking your reputation down with it.

    Rob

    2 people found this answer helpful.
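
Added example, not part of Rob's answer or the vendor's software: one way to enforce the pinned upload address the answer above recommends, so that a destination supplied through a config file or command line is accepted only if it matches a host compiled into the program. The host names and the functions `validate_upload_url` and `is_allowed` are hypothetical.

```python
from urllib.parse import urlsplit

# Assumed, constructed values: the vendor's real upload hosts would be pinned here.
ALLOWED_UPLOAD_HOSTS = frozenset({"uploads.vendor.example", "eu.uploads.vendor.example"})
ALLOWED_PORT = 443


def validate_upload_url(candidate: str) -> str:
    """Return a normalized URL if it targets a pinned host, else raise ValueError."""
    try:
        parts = urlsplit(candidate.strip())
        port = parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError as exc:
        raise ValueError(f"unparseable upload URL: {exc}") from None
    if parts.scheme != "https":
        raise ValueError("upload URL must use https")
    # "https://pinned-host@other-host/" parses with other-host as the real target.
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in the URL are not allowed")
    # Exact match only: a suffix or substring test would accept look-alike hosts.
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_UPLOAD_HOSTS:
        raise ValueError(f"host {host!r} is not a pinned upload server")
    if port not in (None, ALLOWED_PORT):
        raise ValueError("unexpected port")
    # Rebuild from validated parts; query and fragment are dropped on purpose.
    return f"https://{host}{parts.path or '/'}"


def is_allowed(candidate: str) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        validate_upload_url(candidate)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("https://uploads.vendor.example/batch",
                "https://uploads.vendor.example@other.example/batch",
                "https://uploads.vendor.example.other.example/batch",
                "http://uploads.vendor.example/batch"):
        print(url, "->", "accepted" if is_allowed(url) else "rejected")
```

The uploader should call the validator immediately before opening the connection and refuse to send anything when it raises, rather than falling back to the unvalidated value.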
  2. Anonymous
    2024-10-16T16:03:28+00:00

    I did and they are still claiming it is malware... Last year the files were cleared after a couple of attempts. We have had hundreds of installs during the year, no problem. Come October again, Microsoft hell breaks loose again. Thanks for your interest, I appreciate it!

  3. Igor Leyko 111.1K Reputation points Independent Advisor
    2024-10-16T15:18:41+00:00

    Sorry, we are just other users answering here, neither Microsoft employees nor support persons, so we have no influence on Microsoft decisions or Microsoft behavior.

    Did you try Part 4 - Submit a file for analysis?

  4. Anonymous
    2024-10-15T22:04:26+00:00

    Hi Igor. Thanks for your response, but this is from the standpoint of what the user can do to allow the software to be downloaded/run on their computer.

    The problem is that most of our customers are universities that have tight security and they are not willing to add an exclusion.
    I need Microsoft to remove our software from their threat list like they did last year. But so far they are still classifying it as malware.

  5. Igor Leyko 111.1K Reputation points Independent Advisor
    2024-10-15T20:24:38+00:00

    Hi Laura,

    My name is Igor, it's a pleasure for me to help others and I'll try to help you.

    I hope this page will be helpful https://learn.microsoft.com/en-us/defender-endp...

    Please tell the result.
