certificatehttpclientclient-certificatesantivirusvirus-scanning

Software Signing and antivirus blocking


I'm a software developer who works as a freelancer, and my question has two parts.

First part:

I was working on a project then out of nowhere while testing on windows 10 VM windows security start blocking my app, I have a legit Bitdeferter and Malwarebytes on my main machine, and when I scanned my app (the EXE file from C# project) everything is clean, yet when I uploaded the file to virustotal.com it shows 5 detections enter image description here

I start doubting my code and NuGet packages (I use Microsoft.AspNet.WebApi.Client and Newtonsoft.Json) so I removed them and to my surprise, I only got 2 detections out of 5.

I even create an empty Console app and still get those 2 detections, and my main machine still shows nothing as a virus.

So does that mean that my app is good but needs to be signed?

Second part:

If my issue is just a signing certificate, do I need as a developer to obtain that or my client, and then I only sign his/her app under his/her certificate?

Thank you.


Solution

  • Many engines treat VirusTotal samples very harshly, and any new executable has very low reputation (never having been seen before).

    Therefore you will get lots of false-positives from VirusTotal when looking at your own new binary.

    Signing is likely to help somewhat - at least there's a chance that you can build reputation in your certificate rather than each binary separately.

    As far as I know, you get the signing certificate for you as a developer, although that might be different if you are providing source code and the client is building the end executable.