B4J Question Created EXE - virus

DarkoT

Active Member
Licensed User
Hello everyone... A question for which I already know the solution might be difficult, but I'm still curious how you solve this kind of problem. When I create a B4J app for Windows desktop and compile it in release mode within the IDE, the system reports that the EXE is infected with a virus. I know this is a false claim; it’s just an issue with Windows Defender... However, if I compile the same source with B4JPackager11, this error doesn’t occur. What’s the difference, and how can I resolve this issue so that it’s possible to use the internal IDE compiler to create a release EXE? Thanks for the info...
Best regards, Darko
 

aeric

Expert
Licensed User
Longtime User
Since you already know it is a false alarm, this issue will disappear itself after some time.
 
Upvote 0

udg

Expert
Licensed User
Longtime User
Did you try to slightly modify your code (e.g. adding a fake variable somewhere or similar) so that the compiler is forced to produce a new and differente EXE that hopefully doesn't contain the sequence corresponding to a virus signature?
 
Upvote 0

DarkoT

Active Member
Licensed User
Did you try to slightly modify your code (e.g. adding a fake variable somewhere or similar) so that the compiler is forced to produce a new and differente EXE that hopefully doesn't contain the sequence corresponding to a virus signature?
What do you mean by adding a fake variable? Until now, this same code (or EXE program) worked without any issues. However, with the last few updates requested by the users, I added a new feature (essentially a new control within the source code), and now the system reports a problem, saying the EXE contains a virus. It’s true that in the meantime, the antivirus protection was updated on all Windows stations where this app is used. Any other ideas on how to bypass this—besides adding the entire folder to exceptions so the system doesn’t scan it for viruses?
 
Upvote 0

DarkoT

Active Member
Licensed User
Since you already know it is a false alarm, this issue will disappear itself after some time.
Ugh... The problem is that the antivirus prevents this application from running at all, even though it worked without issues until now. It seems that the antivirus system on the Windows stations was upgraded in the meantime, and since then, the system no longer allows the EXE app to run...
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
Like what udg has written, try modify your code a bit.
Especially where the part related to File delete permission for example.
Temporary comment the code that has potential risk of being trigger. Compile it then uncomment it and compile again. In between the steps, try restart your PC.
 
Upvote 0

Brian Dean

Well-Known Member
Licensed User
Longtime User
I also had this problem yesterday so I imagine that we were both hit by the same Windows Defender update. There is as easy fix but it has limitations. The fix is to exclude the folder containing the executable from Defender's scrutiny - type this question into Copilot and you will get clear instructions -

How do I exclude a folder from Windows Defender?

The limitations are these - it works only for Defender, although maybe other virus checkers have similar 'whitelist' options, and it works only for your machine - not so helpful if you have distribited your app.
 
Upvote 0

udg

Expert
Licensed User
Longtime User
What do you mean by adding a fake variable?
Sorry to reply so late; I was on the field for some testing.

What I mean is to try to alter your code (new var, new sub that does nothing useful or related to the real code) in a way that eventually the compiler will generate an EXE that doesn't contain any byte sequence that a virus checker will read as the signature of a known virus.
Once locally you have something that doesn't produce a false positive, than you can try VirusTotal or similar service to broaden the number of AVs programs that don't complain for your EXE. At that point you will have good chances that most of your users will not reach you about a virus alert (that you know beforehand that is a false positive).

This is not 100% fool-proof. AVs don't limit themselves to scan a list of known viruses' signatures but they try to inspect code for potentially unsecure actions (e.g. altering a Register key). What I suggested is just a first countermeasure against an AV reacting bad to your code. Kind of cheating..
 
Last edited:
Upvote 0
Top