question

SteinRuneRisa-8979 avatar image
0 Votes"
SteinRuneRisa-8979 asked TianyuSun-MSFT answered

Windows Defender reporting published VB application as malware

I have a Visual Basic-application that I have created, but when some weeks ago, Windows Defender starting reporting this as malware (Trojan:MSIL/AgentTesla.ARR!MTB).

I tried to recompile it in Visual Studio 2019, but still same result. I then submitted it to the threat intelligence center, and they said that they scanned it, found no issues, and whitelisted it. But still now Windows Defender reports it as malware. It does not seem that the whitelisting is working properly.

I have whitelisted the application in my Windows installation so I can run the application - but I would really like to fix the issue because the application is used by other persons as well.

How can I find out what triggers the malware detection? I have tried to publish both as debug and relase version. Same issue. Anything else I can do to avoid the false positive detection? The application is really simple.


vs-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vb2ae avatar image
0 Votes"
vb2ae answered

I would sign my code when it is compiled. In the project properties click on signing. You can select new and have it create a new cert. Signing will help identify it is your app

96629-sign.png



sign.png (29.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TianyuSun-MSFT avatar image
0 Votes"
TianyuSun-MSFT answered

Hello @SteinRuneRisa-8979 ,

Welcome to Microsoft Q&A forum.

I then submitted it to the threat intelligence center, and they said that they scanned it, found no issues, and allow listed it.

Is the threat intelligence center you mentioned Microsoft Security Intelligence? If no, please check this document: Submit malware and non-malware to Microsoft for analysis and kindly try to submit the related application to Microsoft for analysis.

If you mean you have submitted it to Microsoft, and passed the investigation, but the allow list didn’t work, then is it possible to try to install your application on another PC and test if it still be detected as a malware? If it is available for you to contact Microsoft(Windows Security/Defender related support), I suggest you contact them again and report this issue.

Hope this helps.

Best Regards,
Tianyu


If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.