Many 'false positive' detection of SPS 2021 generated exe's

Use this forum to ask questions after your subscription maintenance expires or before you buy. Need information on licensing or pricing? Questions about a trial version? This is the right place for you. No scripting questions, please.
Forum rules
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
User avatar
Alexander Riedel
Posts: 7787
Last visit: Mon Oct 25, 2021 2:42 pm
Answers: 6
Been upvoted: 11 times

Re: Many 'false positive' detection of SPS 2021 generated exe's

Post by Alexander Riedel »

Well, all PowerShell technology is .NET based. Usually C#. The exe hosting your code is C# based. It gets compiled on the fly by CSC from IL code to machine code on the specific platform. That is how C# and .NET works.

The Virustotal results have no relation to the these other rules you mention. does not elaborate what the actual findings are.
Almost any given exe will trigger one or two virustotal positives from one obscure engine or another. That is par for the course unfortunately.
The results you mention are location based, so that is not something virustotal could even test for, as it would not know where on YOUR computer that exe would be located.

I have no idea who "Joe Security" or "Florian Roth" are, so I am not going to comment on that. I can also not realistically speak to what a "suspicious location" would be. Or what would not be.
These rules you seem to violate do not correlate to virustotal at all, so, again, I cannot tell where you get these from.

If I would have to venture a guess, I would say that instead of installing your application properly in a "Program Files" folder, you deploy it to a folder that is not a protected folder, e.g. AppData. I also saw that the exe you uploaded to virustotal was unsigned. Windows has rules on where applications should be installed and where they should store data. If you circumvent those, you can get results like that. You need to see how that applies to your situation.
Alexander Riedel
SAPIEN Technologies, Inc.