C# · 8mo ago
MJT

✅ False Positive Virus Detection on my C# network ping code

So I'm trying to make a simple ping utility that, just given a bunch of hostnames, does a ping to the host periodically and graphs the results. I can make the app and it works fine for my needs. But I publish it and send it to my buddy to have a look at, and his corporate Windows Defender says it's a virus and deletes it. If I scan my published files, it detects it as "MaxSecure Trojan.Malware.300983.susgen" on VirusTotal. The specific lines of code that seem to trigger this behaviour are as follows:
```cs
public async Task AddPing()
{
    Ping p = new();

    var reply = await p.SendPingAsync(hostname);

    if (reply.Status != IPStatus.Success)
    {
        Debug.WriteLine(hostname + " error :" + reply.Status.ToString());
    }

    ///////////////////////////// this line triggers the MaxSecure Trojan.Malware.300983.susgen
    await AddResult(reply.RoundtripTime);

    return;
}

public Task AddResult(long pingresult)
{
    _results.Add(pingresult);

    return Task.CompletedTask;
}
```
I guess my question is, how do I stop this from happening other than randomly changing my code and hoping it doesn't flag as a false positive?
9 Replies
Marvin · 8mo ago
```cs
public async Task AddPing()
{
    Ping p = new();

    var reply = await p.SendPingAsync(hostname);

    if (reply.Status != IPStatus.Success)
    {
        Debug.WriteLine(hostname + " error :" + reply.Status.ToString());
    }

    ///////////////////////////// this line triggers the MaxSecure Trojan.Malware.300983.susgen
    await AddResult(reply.RoundtripTime);

    return;
}

public Task AddResult(long pingresult)
{
    _results.Add(pingresult);

    return Task.CompletedTask;
}
```
just for better readability
MJT (OP) · 8mo ago
Thanks, sorry, I can't work out how to get it to mark it as code.
Marvin · 8mo ago
Normally it even does color highlighting, but I'm too dumb atm.
many things · 8mo ago
it's ```cs
Ploot · 8mo ago
Defender is pretty twitchy when it comes to unsigned executables. Generally the best way you can avoid this is by signing executables you publish.
jcotton42 · 8mo ago
I noticed you said “corporate,” your buddy’s IT probably won’t like them running random exes.
MJT (OP) · 8mo ago
Oh yeah, I get what you mean, he runs the IT though 🙂 I just wanted to see if my program works on a random machine, e.g. .NET installed and stuff. I wasn't expecting a virus warning to be triggered. Also, the intention for this was just to provide a bit of a sample application as part of a portfolio. The idea was to give a GitHub repo of it that people could look at or build themselves. Not much good if they build it and it triggers a virus warning. Not a good look.
MJT (OP) · 8mo ago
It seems that signing the assembly with a generated key works
MJT (OP) · 8mo ago
Generated key using command `sn -k sgKey.snk`. Not sure if this is a permanent solution or just coincidence, but it seems to work when it's the only change I made between testing.
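
A strong-name key from `sn -k` and an Authenticode signature are separate mechanisms. The PowerShell below is an added example, not code from anyone in the thread: it reports both for a published file, along with the SHA-256 that identifies the file on VirusTotal. The function name `Get-SigningSummary` and the sample path are assumptions.

```powershell
function Get-SigningSummary {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path

    # Authenticode: the signature embedded in the PE file, validated by
    # Windows against the machine's certificate stores.
    $auth = Get-AuthenticodeSignature -LiteralPath $full

    # Strong name: a public key token stored in the managed assembly identity.
    # The native apphost .exe produced by `dotnet publish` is not a managed
    # assembly, so GetAssemblyName throws BadImageFormatException for it;
    # in that case inspect the .dll that sits next to the .exe instead.
    $token   = $null
    $managed = $true
    try {
        $bytes = [System.Reflection.AssemblyName]::GetAssemblyName($full).GetPublicKeyToken()
        if ($bytes -and $bytes.Length -gt 0) {
            $token = -join ($bytes | ForEach-Object { $_.ToString('x2') })
        }
    }
    catch [System.BadImageFormatException] {
        $managed = $false
    }

    [pscustomobject]@{
        File            = $full
        Sha256          = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        Authenticode    = $auth.Status                    # e.g. NotSigned, Valid, NotTrusted
        Signer          = $auth.SignerCertificate.Subject # $null when unsigned
        ManagedAssembly = $managed
        StrongNameToken = $token                          # $null when not strong-named
    }
}

# Placeholder path (assumption): replace with your own published .dll or .exe.
$target = '.\bin\Release\net8.0\publish\PingApp.dll'
if (Test-Path -LiteralPath $target) {
    Get-SigningSummary -Path $target | Format-List
}
```

Running it before and after a signing change shows which of the two properties actually changed on the file that gets scanned.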
