QB64PE Programs being flagged as having trojans

[hanness]

I have multiple programs that I have written in QB64PE that get flagged by Windows Defender on Windows 11 as having trojan malware.

For now I've been setting exceptions in the antivirus software, but I'm wondering if there is any other kind of strategy to avoiding this in the future.

[SMcNeill]

Can you share one of these samples?  I never tend to have Defender flag a QB64 program for me.

[TerryRitchie]

Can you share one of these samples?  I never tend to have Defender flag a QB64 program for me.

Same here, Norton and Sophos always flag QB64 and compiled executables but Microsoft Security Essentials and Defender never report them.

[hanness]

I'll share one as soon as I get one :-). Let me explain:

I have two main programs that this keeps happening with. One of them is over 1,000 lines, the other is over 16,000 lines. I've been actively updating both programs and the problem does not happen with every build. As I noted, I currently have exceptions in place so I don't even know if my current build would be at all affected.

I'll remove the exceptions and next time I run into the issue I'll post the offending code.

[bplus]

I remember having Windows refuse to run a couple of programs that I downloaded in DownLoads Folder.

One was forewarned by Pete that that might happen. There was another program, huge, that Windows 10 64 bit also refused but I don't remember name. Maybe it was yours @hanness ;-))

It typically infers a QB64 compiled program is not secure, but I usually press run anyway after I scan source for potential file killing and such.

[TempodiBasic]

This problem has not happened for all the QB64pe versions and also with QB64 2.02!

I never  have got a warning or a blocking message for my compiled programs...

In the past I have got this issue with versions about 1.3 or 1.5 of QB64.
(windows 7, windows 10, and now windows 11)

[grymmjack]

BitDefender here.

I think it's because of the way that we can use QB64 to send keys to the OS?

Virus Total scan showing galaga.exe as false positive.

How can we tell it's a false positive?

Look at the scanners that "found" issues and compare it vs. the ones that did not.

Also check the sandboxes:
https://www.virustotal.com/gui/file/5113...1/behavior

Anyway I added an exception to my Bitdefender to overcome all this because it's nonsense.

Also, note in my case, I setup an exception for things from github myself that I trust, (i:\git) but this was found because I ran it from an attached map drive with a different drive letter. That's why it is redundant.

I wouldn't worry about this, as 90% of the scanners found nothing wrong. Even the Microsoft SysInternal sandbox finds it clean. You can see exactly what it does there.

VirusTotal is a good tool.

[Kernelpanic]

In this area of the Windows universe (Screenshot), MS tries to mimic something like Linux's home directory. But it's just a try! Because this whole part is under observation of the system; which in itself is correct. Download is actually OK, but if a program (a.exe) is also to be executed in this area, the alarm bells will ring.

I never had such problems because:
First, my download folder was and is never on C:\ (since Win XP Prof always on D:\)
Secondly, since MS-DOS 3.1 all programming languages I have ever used and executed are on D:\

This used to be practically meaningless, but since Win XP it has become important and the Windows system is "smart" enough to recognize that the executable was created by the user and is OK. This is much more complicated than under Linux, where this is only possible in the home directory.

Under Windows I can also compile and run a QB64 program under G:\, or just run it, the system recognizes that it was the (main) user the creator of the program was.

Conclusion: Do not set up the working directory on C:\!

There are good free programs for dividing a hard disk into logical partitions, for example: Minitool Partion Manager