Why NOD32 not verify the existence of the Code Signing certificate ?

Alert "probably unknown NewHeur_PE virus"

 

"Virus" body:

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="highestAvailable" uiAccess="False"/>
</requestedPrivileges>
</security>
</trustInfo>

 

Advanced heuristics does not scan other than PE executables so it could not report a probably NewHeur_PE virus on an xml-structured file. Please compress the file in question with WinRAR or another ordinary packer, protect the archive with the password "infected" and send it to samples[at]eset.com with this thread's url in the subject.

 

Designing UAC Applications for Windows Vista

http://msdn.microsoft.com/en-us/library/bb756973.aspx

Sent the file to samples@eset.com

 

What's news on this issue?

 

A number of thread bumping posts have been removed. A flood of them will not hasten the answer.

If a formal offline support request is in process, the answer should emerge through that venue.

Blue

 

Anybody can announce dates rectify the false message?
I can help with the answer: ASSIGNED (Version: ), RESOLVED FIXED (Version: ) or any other.

 

Again Alert "probably unknown NewHeur_PE virus"

 

Please send the new version to samples[at]eset.com with "False positive" in the subject. Also enclose a link to the website where the file can be downloaded from and where we can read more information about its purpose.

 

Sent the file to samples@eset.com. I am the author - UPnP Media Server - Windows Service Module (Windows 95-2008 ).

More information: copy "infected" file from network drive to local drive with NOD32 - Alert, execute "infected" file from network drive - no alert.

 

Since you are the author I will tell you here, when it comes to creating programs VirusTotal is a great resource to finding and fixing False Positives before releasing software, it's a great way to avoid headaches for both you, and the anti-virus company. I have encouraged fellow dev's to use this method and it has solved much pain.

 

Сopy "infected" file from network drive to local drive with NOD32 - Alert, execute "infected" file from network drive - no alert.

Antivirus ?
In my opinion - Antitrust. I signed program my Code Signing certificate.

 

I think you misunderstood me, upload your files to VirusTotal.com to see if any Anti-Virus detects it as False Positive.

If yes, tell Anti-Virus, they fix it, you release file.
If no, you release file.

Understand?

 

Antivirus should check the existence of the Code Signing certificate.

Understand?

 

Assuming a file is safe because of a certificate is not the right thing to do.

 

If it can be run from a network drive without warning, then, yes, it is safe. When he signed, yes, he did not "probably unknown NewHeur_PE virus".

 

Guys, why so long working with the False positive? What is the problem?

 

If you use "False Positive" in the subject it will be fixed faster.

 

If you have already sent the file to samples[at]eset.com as instructed, please PM me the email address you sent it from. I've tracked down all email wilth "False positive" in the subject, but couldn't find any that seems to be related to your file.

 

Again Alert "probably unknown NewHeur_PE virus" ,
www.virustotal.com 1/38 - NOD32

 

Guys, why so long working with the False positive? What is the problem?

 

Do this again.

 

2009/02/02

 

Again Alert "probably unknown NewHeur_PE virus" ,
www.virustotal.com 1/41 - NOD32