App being recognized as potentially dangerous

6

I usually copy the exe of the path:

  C:\Users\Username\source\repos\ChatWinForms\AppName\bin\Debug\AppName.exe

But when I send it to my coworkers to test it, the browser says the file is often dangerous and blocks it. After keeping the file and trying to run it, Windows Defender blocks it by default, warning that the file can be dangerous.

I even heard that this is because the app was not signed, but I've used several unsigned programs and it never happened, only when it was really some kind of crack, etc ... Well I'm a layman, I may be wrong.

Is there a way to minimize this effect without buying a certificate?

Maybe it's because my app uses the network?

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace ChatWinForms
{

    public partial class ChatWinForms : Form
    {
        private IPAddress address;
        private TcpClient client;
        private StreamWriter writer;
        private StreamReader reader;
        private int tcpPort;
        private System.Media.SoundPlayer newUser = new System.Media.SoundPlayer(@"c:\Windows\Media\Windows Notify Calendar.wav");
        private System.Media.SoundPlayer newMsg = new System.Media.SoundPlayer(@"c:\Windows\Media\Windows Unlock.wav");

        private void ConectaServidor()
        {
            try
            {
                address = IPAddress.Parse(serverIp.Text);
                tcpPort = 25565;
                client = new TcpClient();
                client.Connect(address, tcpPort);
                writer = new StreamWriter(client.GetStream());
                reader = new StreamReader(client.GetStream());
                writer.WriteLine(userInput.Text);
                writer.Flush();
                var response = reader.ReadLine();
                if (response.Substring(0, 2).Contains("01"))
                {
                    DesconectaServidor();
                    MessageBox.Show("Esse usuário já está em uso, tente outro nome.", "Usuário em uso.", MessageBoxButtons.OK, MessageBoxIcon.Information);
                } else
                {
                    msgBox.AppendText(userInput.Text + response.Substring(3) + "\r\n");
                    btnConnect.Text = "Desconectar";
                    btnSend.Enabled = true;
                    msgText.Enabled = true;
                }
            }
            catch (Exception e)
            {
                MessageBox.Show("Erro:" + e.Message, "Erro ao se conectar com o Servidor Remoto", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }

        }
        private void DesconectaServidor()
        {
            reader.Close();
            client.Close();
            msgBox.AppendText("Você foi desconectado..." + "\r\n");
            btnConnect.Text = "Conectar";
            btnSend.Enabled = false;
            msgText.Enabled = false;
        }
        private void EnviaMensagem()
        {
            if (msgText.Lines.Length >= 1)
            {
                writer.WriteLine(msgText.Text);
                writer.Flush();
                msgBox.AppendText("Você diz: " + msgText.Text + "\r\n");
                msgText.Lines = null;
            }
            msgText.Text = "";
        }
        private async void RecebeMensagens()
        {

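            while (client != null && client.Connected)
            {
                try
                {
                    var data = await reader.ReadLineAsync();
                    // ReadLineAsync returns null once the server closes the connection.
                    if (data == null)
                    {
                        DesconectaServidor();
                        break;
                    }
                    // The first two characters are a type code and the text starts at index 3; skip shorter lines.
                    if (data.Length > 3 && !string.IsNullOrEmpty(data.Substring(3)))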
                    {
                        if (data.Substring(0, 2).Contains("02"))
                        {
                            newUser.Play();
                        }
                        if (data.Substring(0, 2).Contains("03"))
                        {
                            newMsg.Play();
                        }
                        msgBox.AppendText(data.Substring(3) + "\r\n");
                    }
                }
                catch (Exception Ex)
                {
                    if (Ex is IOException)
                    {
                        DesconectaServidor();
                    }
                    if(Ex is ObjectDisposedException)
                    {
                        client.Close();
                    }
                }

            }
        }




        public ChatWinForms()
        {
            InitializeComponent();
        }

        private void btnSend_Click(object sender, EventArgs e)
        {
            EnviaMensagem();
        }
        private void btnConnect_Click(object sender, EventArgs e)
        {
            if(btnConnect.Text == "Conectar")
            {
                ConectaServidor();
                RecebeMensagens();
            } else
            {
                DesconectaServidor();
            }

        }

        private void msgText_KeyPress(object sender, KeyPressEventArgs e)
        {
            if (e.KeyChar == (char)13)
            {
                EnviaMensagem();
            }
        }
    }
}
    
asked by anonymous 03.10.2017 / 02:32

3 answers

6

There are several factors for Windows to consider an executable as dangerous:

ClickOnce and its permissions

Executables signed with ClickOnce make admin permissions easier to be managed by the Windows User Account Control (UAC), setting what the application will use, and whether the computer administrator permission is required.

  

Windows Installer Deployment requires administrative permissions and allows limited user installation only; ClickOnce Deployment allows non-administrative users to install and only grants the security permissions of the code access required by the application.

ClickOnce is automatically included since the 2010 release of Microsoft Visual Studio, and it's free.

Digital Signature

To make a trusted application, you must sign in two ways: ClickOnce manifests and executable manifests.

ClickOnce Manifests are digitally signed by a key. This key is obtained by a repository, file, or you can create a certificate through the machine's user. If it has a developer license, and is logged into the Visual Studio account, the security is even greater.

Executable manifests are meant to make the executable with a strong name. This does not guarantee complete security, but rather the source of this file.

Information contained in the executable

This guarantees only the basic information about the executable. It does not guarantee an authentic security, but rather a little more about it. This information is "shielded" in the executable, so they are virtually impossible to change.

Malicious code

Anti-virus has by default decompiled and parsed the executable's IL code, with its definitions base, to find possible "suspicious" code. For example, there are projects on the internet such as LOIC (application used to make DoS on weak networks) that have their code blocked. But any minor change in it can bypass this lock.

It is almost uncertain to know the source of a virus and / or its code.

Where did this file come from?

Executables are assigned as Downloaded from the internet on Windows systems, creating an extra protection for the user, even if the executable has no manifest, signature or certificate.

By default, on Windows systems this is enabled by almost all files and can be easily deactivated per file. Here's the example:

An MD5 checker (md5sum.exe) downloaded here has been stored in my Downloads folder. Google Chrome found no threats, not even Windows:

Marking the CheckBox "Unlock" will leave the file unprotected by Windows.

How to get around this?

Sign, compress into a .zip with MD5, make sure the file is uploaded via a known Uploader, such as Google Drive, Dropbox, or OneDrive.

If an anti-virus encounters a false positive, obfuscate the file.

    
06.10.2017 / 06:03
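
An added example, not part of the answer above or of any project's code: a PowerShell function for the recipient's machine that reads the "Downloaded from the internet" marker the answer describes, which Windows stores in the file's `Zone.Identifier` NTFS alternate data stream, along with the Authenticode signature status and a hash to compare with the sender's. The function name `Get-DownloadTrustInfo` and the sample path are hypothetical, and SHA-256 is used in place of the MD5 the answer mentions.

```powershell
# Added example: report why Windows may treat a received file as untrusted.
# Run on Windows with an NTFS volume; the path at the bottom is a placeholder.
function Get-DownloadTrustInfo {
    param([Parameter(Mandatory)][string]$Path)

    # URL security zones as recorded in the ZoneId field.
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }
    $file = Get-Item -LiteralPath $Path

    # The marker is an alternate data stream named Zone.Identifier, stored as
    # INI-style text (for example ZoneId=3 and HostUrl=...). It is absent on
    # files that were built locally or copied from a trusted location.
    $zoneId = $null
    $hostUrl = $null
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $motw) {
        if ($line -match '^ZoneId=(\d+)$') { $zoneId  = [int]$Matches[1] }
        if ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
    }
    $zone = if ($null -ne $zoneId) { $zoneNames[$zoneId] } else { 'none' }

    # Authenticode status is NotSigned for a plain Debug build output.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        File      = $file.Name
        Marked    = ($null -ne $zoneId)
        Zone      = $zone
        HostUrl   = $hostUrl
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Placeholder path: point this at the file the coworker received.
Get-DownloadTrustInfo -Path "$env:USERPROFILE\Downloads\AppName.exe"
```

A result with `Marked = True`, `Zone = Internet` and `Signature = NotSigned` is the combination the answer lists: an unsigned executable that arrived from the internet.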
0

I believe that the correct way to solve your problem would be to implement a Setup Project for you to pass on to your stakeholders. More information at the following link: link. A video example of the procedure: link

    
03.10.2017 / 15:51
-3

Dude, I do not know exactly how to explain, but recently where I worked we had to develop a tool that was similar to TeamViewer, and we were even having the same problem. We had to encrypt the .exe file for the antivirus not to detect it; this is not a correct way to do it.

At the time I remember reading something that said that when we use information from another machine without basic authentication, it is considered a virus.

Here is a print of the message at the time:

Link my post with a similar question

    
03.10.2017 / 15:08