I tested latest EVB 3.30.
One and more .tmp files under C:\Users\User\AppData\Local\Temp gives false positives with AVG 2012 free edition.
The generated exe itself is tested clean and runs without problems. But after start the app creates some .tmp files which trigger an AVG2012 alert, see this picture:
My app itself creates a new thread which runs a SSH-tunnel program. If this second exe is included in EVB filelist, the AVG alert is triggered. If I remove this out of the EVB list and copy the tunnel app in the application folder it seems not to trigger the alert.
Are these (problematic) .tmp files really necessary?
Is this known and is there a workaround?
And besides, EVB doesn't seem to clean up its tmp files. After a few runs I have over 100 files all about 2kB in size...
.tmp file gives false positive
.tmp file gives false positive
You do not have the required permissions to view the files attached to this post.
Re: .tmp file gives false positive
Hi doc,
Yes, this is surely false detection and it is very frustrating that it is appearing on even tmp file. Tmp file, really, does not ANY code, it is just needed to run virtualized exe files and some of DLL files.
You may uncheck the Option - Map Executable Files With Temp File in EVB, but this way there is not guaranty that virtualized exe files will be working, but no temp files will be created.
We will try to contact to AVG team and ask to fix this false detection.
Regarding multiple tmp files - yes, some files may not be deleted, agree. But since they are located in temp folder, you should not worry about system stability and so. Tmp files are about 1500 bytes in size only, and the system will clear them itself if it will be required. Anyway, in next EVB release we will make the ability to delete temp files from the disk...
Yes, this is surely false detection and it is very frustrating that it is appearing on even tmp file. Tmp file, really, does not ANY code, it is just needed to run virtualized exe files and some of DLL files.
You may uncheck the Option - Map Executable Files With Temp File in EVB, but this way there is not guaranty that virtualized exe files will be working, but no temp files will be created.
We will try to contact to AVG team and ask to fix this false detection.
Regarding multiple tmp files - yes, some files may not be deleted, agree. But since they are located in temp folder, you should not worry about system stability and so. Tmp files are about 1500 bytes in size only, and the system will clear them itself if it will be required. Anyway, in next EVB release we will make the ability to delete temp files from the disk...
Re: .tmp file gives false positive
Also, if possible, please send this false detection sample to AVG as written there: http://www.softwareprotection.info/2011 ... -to-solve/
We will do this too and hope they solve problem more quickly.
We will do this too and hope they solve problem more quickly.
Re: .tmp file gives false positive
Yes, of course I did that, but strange it is, the .tmp files are scanned positive by my local AVG as malware but the online check after file upload says the file is clean, negative, green check. Locally I'm using the latest scanner update.Enigma wrote:Also, if possible, please send this false detection sample to AVG
And you a right, unchecking "Map Executable Files With Temp File" breaks executing the helper exe files. I can solve this by setting "Always write to disk" for these files, but it's not nice, cause the files get visible during main application execution.
Re: .tmp file gives false positive
Hello
Was this issue with AVG resolved? I am currently experiencing the same kind of problem with Avast, although it is not detected as Malware only as a suspicious file. This is enough to prevent how my program would need to function though as my program creates a compressed AES encrypted executable which can self decrypt.
I am working ways to integrate self deletion after failed password attempts and it uses a very small helper program made in AutoIT which will be launched virtually to do this. I suppose I could look into a .bat file to do this as well.
I have included a Screen Shot of the Warning Message that Avast displays: This will always prevent the action from being executed and even after selecting "run normally" for the next execution of this file it will then display the same Warning Message again.
Was this issue with AVG resolved? I am currently experiencing the same kind of problem with Avast, although it is not detected as Malware only as a suspicious file. This is enough to prevent how my program would need to function though as my program creates a compressed AES encrypted executable which can self decrypt.
I am working ways to integrate self deletion after failed password attempts and it uses a very small helper program made in AutoIT which will be launched virtually to do this. I suppose I could look into a .bat file to do this as well.
I have included a Screen Shot of the Warning Message that Avast displays: This will always prevent the action from being executed and even after selecting "run normally" for the next execution of this file it will then display the same Warning Message again.
You do not have the required permissions to view the files attached to this post.
Re: .tmp file gives false positive
Hi shamballa,
Unfortunately, this issue can't be solved from our side because it is not a problem of our product but the problem of antiviruses that incorrectly detect the file as malware.
I can only recommend to submit the packed sample to avast and ask to fix false detection. As many submissions we make, then more chance the problem will never appear again.
There are written contacts for sample submission: http://www.softwareprotection.info/2011 ... -to-solve/
Unfortunately, this issue can't be solved from our side because it is not a problem of our product but the problem of antiviruses that incorrectly detect the file as malware.
I can only recommend to submit the packed sample to avast and ask to fix false detection. As many submissions we make, then more chance the problem will never appear again.
There are written contacts for sample submission: http://www.softwareprotection.info/2011 ... -to-solve/