Today we received 2 different support requests from users reporting that their antivirus software identified IW14.2.8.exe as a virus/trojan. The AV products involved include Kaspersky, Zone Alarm, Windows Defender and Symantec.
Kaspersky is famous for its heuristic engine's false positives, especially against binaries compiled by any Delphi version. Zone Alarm shares the same engine, so whenever Kaspersky reports something, Zone Alarm will do the same. (Un)Fortunately, Delphi is one of the few native programming languages left, and that's why it is used by many virus creators.
We have this issue from time to time, and not only with IntraWeb but with CrossTalk as well. Basically, using Delphi raises the chances of any EXE being flagged as a virus because the AV engines rely heavily on heuristics. And since so many viruses are written in Delphi, in many cases the engines "learn" the signature of Delphi-created EXEs rather than that of the virus itself.
We have reported the false positives to Microsoft and Symantec. We already have Symantec's response, confirming that the detection is a false positive, as follows:
In relation to submission 97436.
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:
File name: iw14.2.8.exe
Note: Whitelisting is available by downloading a RAPID RELEASE indicated in the Further Information section below or via the next Live Update
Required RAPID RELEASE sequence >= 194141
The latest Rapid Release definition available here: http://ftp.ftp.symantec.com/AVDEFS/…pidrelease
To check the current sequence number of the Rapid Release definition: https://www.symantec.com/security_respon…pidrelease
More information on Rapid Release definitions can be found: https://support.symantec.com/en_US/artic…03326.html
If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info
* SEP: https://support.symantec.com/en_US/endpo…54619.html
Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
For more information on best practices to reduce false positives:
Symantec Security Response