App being recognized as potentially dangerous

Asked

Viewed 1,105 times

6

I usually copy the exe of the way:

C: Users Username source Chatwinforms Appname bin Debug Appname.exe

But when sending it to my colleagues for testing, the browser says that the file is usually dangerous and blocks. After keeping the file and trying to run, Windows Defender locks by default warning that the file may be dangerous.

I even heard that this is because the app was not signed, but I’ve used several unsigned programs and it never happened, only when it really was some kind of crack, etc... Well I’m a layman, I could be wrong.

Has a way to minimize this effect without buying a certificate?

Maybe it’s because my app uses the network?

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace ChatWinForms
{

    public partial class ChatWinForms : Form
    {
        private IPAddress address;
        private TcpClient client;
        private StreamWriter writer;
        private StreamReader reader;
        private int tcpPort;
        private System.Media.SoundPlayer newUser = new System.Media.SoundPlayer(@"c:\Windows\Media\Windows Notify Calendar.wav");
        private System.Media.SoundPlayer newMsg = new System.Media.SoundPlayer(@"c:\Windows\Media\Windows Unlock.wav");

        private void ConectaServidor()
        {
            try
            {
                address = IPAddress.Parse(serverIp.Text);
                tcpPort = 25565;
                client = new TcpClient();
                client.Connect(address, tcpPort);
                writer = new StreamWriter(client.GetStream());
                reader = new StreamReader(client.GetStream());
                writer.WriteLine(userInput.Text);
                writer.Flush();
                var response = reader.ReadLine();
                if (response.Substring(0, 2).Contains("01"))
                {
                    DesconectaServidor();
                    MessageBox.Show("Esse usuário já está em uso, tente outro nome.", "Usuário em uso.", MessageBoxButtons.OK, MessageBoxIcon.Information);
                } else
                {
                    msgBox.AppendText(userInput.Text + response.Substring(3) + "\r\n");
                    btnConnect.Text = "Desconectar";
                    btnSend.Enabled = true;
                    msgText.Enabled = true;
                }
            }
            catch (Exception e)
            {
                MessageBox.Show("Erro:" + e.Message, "Erro ao se conectar com o Servidor Remoto", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }

        }
        private void DesconectaServidor()
        {
            reader.Close();
            client.Close();
            msgBox.AppendText("Você foi desconectado..." + "\r\n");
            btnConnect.Text = "Conectar";
            btnSend.Enabled = false;
            msgText.Enabled = false;
        }
        private void EnviaMensagem()
        {
            if (msgText.Lines.Length >= 1)
            {
                writer.WriteLine(msgText.Text);
                writer.Flush();
                msgBox.AppendText("Você diz: " + msgText.Text + "\r\n");
                msgText.Lines = null;
            }
            msgText.Text = "";
        }
        private async void RecebeMensagens()
        {

            while (client.Connected)
            {
                try
                {
                    var data = await reader.ReadLineAsync();
                    if (!string.IsNullOrEmpty(data.Substring(3)))
                    {
                        if (data.Substring(0, 2).Contains("02"))
                        {
                            newUser.Play();
                        }
                        if (data.Substring(0, 2).Contains("03"))
                        {
                            newMsg.Play();
                        }
                        msgBox.AppendText(data.Substring(3) + "\r\n");
                    }
                }
                catch (Exception Ex)
                {
                    if (Ex is IOException)
                    {
                        DesconectaServidor();
                    }
                    if(Ex is ObjectDisposedException)
                    {
                        client.Close();
                    }
                }

            }
        }




        public ChatWinForms()
        {
            InitializeComponent();
        }

        private void btnSend_Click(object sender, EventArgs e)
        {
            EnviaMensagem();
        }
        private void btnConnect_Click(object sender, EventArgs e)
        {
            if(btnConnect.Text == "Conectar")
            {
                ConectaServidor();
                RecebeMensagens();
            } else
            {
                DesconectaServidor();
            }

        }

        private void msgText_KeyPress(object sender, KeyPressEventArgs e)
        {
            if (e.KeyChar == (char)13)
            {
                EnviaMensagem();
            }
        }
    }
}
  • 1

    I believe that because it is not a popular executable the antivirus/firewall will treat as a threat, so many software you downloaded may not have triggered the alert since it is probably part of a trusted list, the output here I believe would simply add your exe to the exclusion list of your Windows Defender: https://support.microsoft.com/pt-br/help/4028485/windows-10-add-an-exclusion-to-windows-defendr-antivirus

  • Really, this about popularity makes sense.

  • When you use Tcpclient or any derivative, Voce needs to insert permisao into the firewall.

3 answers

7


There are several factors for Windows to consider an executable like dangerous:

Clickonce and its permissions

Executables signed with Clickonce make administrator permissions easier to be managed by the Windows UAC (User Account Control), defining what the application will use, and whether computer administrator permission is required.

Windows Installer deployment requires administrative permissions and allows limited user installation only; Clickonce deployment allows non-administrative users to install and grants only security permissions for access to the code required by the application.

Clickonce is automatically included since the 2010 version of Microsoft Visual Studio, and is free.

Digital signature

To make an app reliable, should be signed in two ways: Clickonce manifests and executable manifests.

Clickonce manifests are digitally signed by a key. This key is obtained by a repository, file or you can create a certificate through the machine user. If it has a developer license, and is logged in to the Visual Studio account, the security is even greater.

Executable manifests are made to render the executable with a strong name. This does not guarantee total security, but rather the origin of this file.

Information contained in the executable

inserir a descrição da imagem aqui This ensures only basic information about the executable. It does not guarantee genuine security, but rather a little more origin about it. This information is "shielded" in the executable, so it is virtually impossible to change.

Malicious code

Anti-virus has by default decompile and analyze the IL-Code of the executable, with its base of definitions, find possible "suspicious" codes. For example, there are projects on the internet such as the LOIC (application used to make Dos on weak networks) has its code blocked. But any slightest change in it, can circumvent this lock.

The origin of a virus and/or its code is almost uncertain.

Where this file came from?

Executable upados for internet are assigned as Downloaded from the internet on Windows systems, creating a extra protection for the user, even more so if the executable has no manifest, signature or certificate.

By default, on Windows systems this comes activated by almost all files and can be easily disabled by file. Follow the example:

A verifier of MD5 (md5sum.exe) downloaded here, was stored in my Downloads folder. Google Chrome did not find any threats, nor Windows:

inserir a descrição da imagem aqui

Marking the CheckBox "Unlock" will leave the file unprotected by Windows.

How to get around this?

Signing, compact for a . zip, certify the file and send through a Uploader known as Google Drive, Dropbox or Onedrive.

  • 1

    Assine, compacte para um .zip com MD5, certifique o arquivo e envie através de um Uploader conhecido, como o Google Drive, Dropbox ou OneDrive. Interesting, I hadn’t thought about it, and seeing that way Google Drive already checks for viruses before accepting. ;)

  • 1

    Using Clickonce and doing this step of the "Trustworthy Uploader" already solved the problem, I will leave the reward active until the end of the deadline just to see if more answers, +1

0

-3

Dude I don’t know exactly how to explain it to you, but recently where I work we had to develop a tool that was similar to Teamviewer And even we were having the same problem, we had to cryptar the . exe file for the Antivirus not to detect, this is not a correct way to do.

At the time I remember reading something that said, when we use information from another machine without basic authentication is considered virus.

Follow a print of the message at the time: inserir a descrição da imagem aqui

Link from my post with a similar question

  • 1

    Your program will still be evaluated as malicious by many anti-viruses. The correct is to use evidence and UAC.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.