False positives are a huge problem for software developers

Anonymous
2018-03-06T08:57:58+00:00

Good morning,

We develop software and we are having big trouble with Windows Defender on Windows 10, as it regularly marks one of our digitally signed executables as a trojan each time we update it. This is causing us big problems with our customers, as they start calling us when our program stops working. We immediately submit the file on https://www.microsoft.com/en-us/wdsi/filesubmission, but Microsoft's answer is awfully slow and it takes more than a week(!) to whitelist the file. Please note that other antivirus vendors reply and whitelist the file on the same day. There is no way to test the file before releasing it to our customers, and it seems that it starts being recognized as a trojan three or four weeks after we release it. Please let us know how we can proceed; we are losing our customers' trust and wasting a lot of time managing a huge number of requests to our customer support team.

Thanks

Sergio

Locked Question. This question was migrated from the Microsoft Support Community.

2 answers

  1. Rob Koch 25,885 Reputation points Volunteer Moderator
    2018-03-09T16:04:40+00:00

    My understanding is that along with possibly finding a way to correct the potential false positive (not all are, since there may actually be malware in a few cases), the Microsoft response should include some indication of why this situation might be occurring.

    Are you certain you are looking at the entire response provided, including any suggestions the analyst(s) are making regarding these issues?

    In most cases, as Cyber also mentioned, there is something relating to best practices or possibly within the design of the application itself that looks suspicious or at least questionable to the Microsoft detection engines.  If whatever portions of your application are changing each time contain these suspicious components, it's nearly guaranteed that your app will set off such detections.

    Your best effort would be spent trying to either remove or at least stabilize these sections of your code so they don't change as often.  Microsoft has automated much of the operation of Windows Defender and thus no doubt has fewer human analysts available to deal with such exceptions, so expecting this situation to get better on its own is foolish.

    Antivirus evolved – Microsoft Secure

    Note that this is the personal observation of a consumer user of Microsoft products who also has both professional computer security experience, as well as over 10 years helping consumers use Microsoft's security products in these forums.  I'm not a Microsoft employee, so this is my personal opinion.

    Rob

    1 person found this answer helpful.
  2. Reza-Ameri 45,821 Reputation points Volunteer Moderator
    2018-03-09T14:52:22+00:00

    Since this is a special case, you may contact Microsoft Support or a Microsoft representative in your country and discuss this issue. In some cases, you might need certain best practices to avoid having the program marked as a false positive.
