Are AV False Positives Hurting You?

Gerald asks: "After the most recent Wireshark release a certain AV vendor's product started warning users that the installer contained adware. Since then, I've spent several hours verifying this isn't the case, trying to get the AV vendor to fix their stuff, and reassuring affected users that we do not ship adware with our product. Unfortunately, this isn't an isolated case. I've had to do this several times over the past few years, and each incident uses up time that could have been better spent elsewhere. It's even worse for other projects. If you produce software, have you ever suffered collateral damage from AV false positives?"

Nope, Running Linux...

[DaGoodBoy]

Had to say it... ;)

D

yup

[TheSHAD0W]

I've had false positives from AV software before thanks to my use of NSIS as an installer. Apparently it's also a favorite of malware creators. I don't blame Nullsoft, but instead lazy AV makers who should know about NSIS by now and should test their signatures against it before publishing them.

Re:yup

[_xeno_]

Yep - I've had an overzealous config of Norton delete every NSIS installer I had created. (Which was a number, used for installing various components of an in-house software system.) Specifically Norton had decided that every installer created by NSIS 2.17 was a virus, and someone had configured the file server where I had the installers to delete infected files (instead of just quarantining them).

Re:Yes, this has been a problem for Nmap too

[Twon]

I'm pretty sure they hate netcat as well; I had to convince my IT guys to whitelist it after it kept getting quarantined/deleted from my machine. Apparently it's a "hacker tool." I wonder when they'll come for tcpip.sys...