Why is My EXE Dangerous?

[Steve Meyerson]

My exe (VFP9S2) worked ok, but only after I turned off my client's Win10 protection.

I've updated and built this app at least a dozen times with no problem. The latest exe worked fine on my machine (I use BitDefender with no exclusion for this file or folder), but the file was rejected and removed on his Win10 machine (uses only Win10 built-in protection).

My update only added a couple of reports, included in the project, with nothing unusual. The file is about 1 meg.

I've seen in other posts recommendations to exclude scanning. I couldn't find how to do that in Win10, but I'm puzzled how it could happen in the first place.

Is there something in VFP (or Win10?) which could cause this?

Thanks for any help.

Steve

 

[Koen Piller]

Hi,
Your exe is not dangerous. However to avoid this unwanted messages you have the option to sign your exe. Doug Henning posted some white papers about this.
Please study and buy the digital signature for your exe.

https://doughennig.blogspot.com/2019/

Stay healthy,
Koen

 

[vernpace]

Steve,

Koen is correct, your EXE is not dangerous. However, I don't know if code signing is the solution. We have a few Windows 10 test machines that run unsigned VFP EXEs all the time. However, there were major performance issues with Windows 10 Defender and SQL Server. In fact, the MS SQL Server team recommends disabling AV products. If a file was rejected and removed, then the culprit was probably Windows 10 Defender, another AV, or some intrusive software that your client's company installed.

Before disabling Window Defender, there are a few things you can try:

1) Compile with an Application Manifest that gives your EXE full (and true) admin permissions:

http://www.sweetpotatosoftware.com/...on-manifest-at-compile-time-with-projecthook/

This solved some problems we were having with Windows 10 version 1909.

2) Unblock your EXE if it is blocked:

Windows 10 is nice, but unfortunately has bits of hostile MS code running around...

 

[ggreen61]

Windows 10 Defender also has a feature for blocking programs to write to file locations that can be specified. This is to prevent ransomware attacks. Check the Ransomware Protection settings under the Virus & Threat Protection settings. You might need to allow your exe.

 

[Steve Meyerson]

ggreem61: Thanks. I will try that next time I have access to my client's machine.

vern: I don't have the Unblock option in my properties window (maybe because I'm using the Home version of Win10). I'll check if my client has it. Thanks.

Koen: It looks like I would need to study quite a bit & experiment with digital signing. But I think I'll stick with disabling his AV when updating, for now. But thanks.

Steve

 

[Mike Lewis]

've seen in other posts recommendations to exclude scanning.

This probably relates to scanning of DBFs rather than EXEs. In a typical application, DBFs are frequently being opened and closed - especially the "behind the scenes" DBFs used in SQL code and elsewhere - and scanning each one every time it is opened can cause a significant drop in performance. So many developers or system admins choose to exclude DBFs from background AV scanning. This is unlikely to cause any security issues, given that DBFs do not contain executable code (at least, not the sort of code that a virus is likely to introduce).

None of this has anything to do with your problem, but I thought I would mention it for the sake of completeness.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

 

[Dan Olsson]

I always recommend that AV should exclude the entire catalogue where the software is installed, which BTW should NOT be in "Program Files". IMHO

 

[Steve Meyerson]

Hi Mike,
Never thought of problem scanning DBF's. In this case however, the program first accesses an SQL database on a remote host and downloads the data needed into several local cursors. The dbf's are created locally only at closing, for a backup.
Steve