Author Topic: Test your AV software  (Read 7372 times)

jj2007

  • Member
  • *****
  • Posts: 13945
  • Assembly is fun ;-)
    • MasmBasic
Test your AV software
« on: November 14, 2015, 08:27:44 PM »
The attached proggie
- downloads an archive from the web
- unzips an executable called "JWasm.exe"
- launches that executable
- launches another one that is supposed to be already on your harddisk, in C:\Masm32\bin
- launches a tiny executable that was created on the fly.

All that works fine on my box equipped with Windows Defender, and I am curious which AV, if any, have a problem with the list of actions above 8)

Source is included (.asc, opens in WordPad or RichMasm). If you trust me, just double-click the exe and tell me what your AV thinks about it...

ragdog

  • Member
  • ****
  • Posts: 609
Re: Test your AV software
« Reply #1 on: November 14, 2015, 09:41:03 PM »
Hello Jochen

With Eset works fine, under Kaspersky is a boom, a false positive

jj2007

  • Member
  • *****
  • Posts: 13945
  • Assembly is fun ;-)
    • MasmBasic
Re: Test your AV software
« Reply #2 on: November 14, 2015, 10:28:10 PM »
Hello ragdog,
Thanks for testing. Considering what the proggie does, I would call it a "true positive" :P

ragdog

  • Member
  • ****
  • Posts: 609
Re: Test your AV software
« Reply #3 on: November 14, 2015, 11:01:00 PM »
Sure Jochen

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 10583
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Test your AV software
« Reply #4 on: November 14, 2015, 11:21:50 PM »
Sad to say I am of no use to you as I also run just Windows Defender and occasional on-demand scanning with MalwareBytes. When I wrote the install for the most recent MASM32 I had to test disk read, write and delete to make sure whether an AV scanner was going to interfere with the installation. These are the three things that at least some of the crappy AV scanners will squawk at.

- downloads an archive from the web

Some will block downloads.

- unzips an executable called "JWasm.exe"

Some will block writing an executable to disk.

- launches that executable

Some will prevent at least some executable files from starting.

I recommend that a developer set their development profile in their OS version so that neither the OS nor AV scanners will interfere with normal development operations.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy:

jj2007

  • Member
  • *****
  • Posts: 13945
  • Assembly is fun ;-)
    • MasmBasic
Re: Test your AV software
« Reply #5 on: November 15, 2015, 02:23:32 AM »
Point is I never changed the configuration of Windows Defender. So with standard settings, it lets you download archives and execute stuff without even asking "are you sure?"... whoever has such a "defense" had better be careful when clicking on some link :P

ragdog

  • Member
  • ****
  • Posts: 609
Re: Test your AV software
« Reply #6 on: November 15, 2015, 03:47:15 AM »
@Jochen

I think it is OK: URLDownloadToFile or other Inet APIs are used by many updaters of all kinds of apps,
and the code you write in ~tmpTest.asm is compiled with JWasm, and your AV checks your exe after the build
for malicious code and found nothing.
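
A defender-side view of the action list discussed in this thread, as an added example that is not part of any post: a sketch that correlates process telemetry to flag a program starting an executable it has just written, and records whether that program downloaded something first. The event tuple format, the archive name, `tool.exe`, `tiny.exe`, the `C:\Temp` and `C:\Build` paths and the 60-second window are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the thread): (time_s, pid, action, path)
EVENTS = [
    (0, 100, "net_download", r"C:\Temp\archive.zip"),
    (1, 100, "file_write",   r"C:\Temp\JWasm.exe"),        # unzipped executable
    (2, 100, "proc_start",   r"C:\Temp\JWasm.exe"),
    (3, 100, "proc_start",   r"C:\Masm32\bin\tool.exe"),   # hypothetical name, already on disk
    (4, 100, "file_write",   r"C:\Temp\tiny.exe"),         # created on the fly
    (5, 100, "proc_start",   r"C:\Temp\tiny.exe"),
    (6, 200, "file_write",   r"C:\Build\app.exe"),         # build output, never started
]

EXEC_EXT = (".exe", ".dll", ".scr", ".com")


def find_drop_and_run(events, window_s=60):
    """Flag processes that start an executable they wrote themselves
    no more than window_s seconds earlier."""
    written = defaultdict(dict)   # pid -> {lowercased path: time of last write}
    downloaded = set()            # pids that have fetched something so far
    findings = []
    for t, pid, action, path in sorted(events):
        key = path.lower()        # Windows paths are case-insensitive
        if action == "net_download":
            downloaded.add(pid)
        elif action == "file_write" and key.endswith(EXEC_EXT):
            written[pid][key] = t
        elif action == "proc_start" and key in written[pid]:
            if t - written[pid][key] <= window_s:
                findings.append({
                    "pid": pid,
                    "image": path,
                    # Higher-confidence signal: the writer also downloaded first
                    "after_download": pid in downloaded,
                })
    return findings


if __name__ == "__main__":
    for finding in find_drop_and_run(EVENTS):
        print(finding)
```

Starting the executable that was already on disk and writing a build output that is never started are both left alone, which is the distinction between ordinary development activity and the write-then-run chain.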