Resolving false positive in Windows Defender analyzing GoGreenPCTuneUpInstaller EXE
by Mountain Computers Inc., Publication Date: Monday, June 29, 2020
View Count: 1868, Keywords: Windows Defender, False Positive, Resolution, Code Signing, SSL.com, Hashtags: #WindowsDefender #FalsePositive #Resolution #CodeSigning #SSL.com
By the time you read this, you probably won't have this error like I did right after I renewed my code signing certificate for the GoGreen PC TuneUp software.
These instructions are purely for other developers who need to contact Microsoft with your code to have them independently review your code package to have it delisted from being a trojan or malicious. The Smart Screen submission I did as well as a separate submission since one was malware and one was smart screen. The difference between a code signing certificate (basic) vs (EV) is price, yet my code sign certificate has been 2+ years old and working fine until the certificate was renewed.
If you have a program that is given a false positive, you can submit it to Microsoft to have them review it and take it off the malicious list, a false positive. I tested my software on other platforms with other anti-virus programs and it came back clear. I did a code review and it was good and passed checksums as well.
Use this link to make your submission:
I chose the Home Customer submission since it provided me with the least amount of questions regarding my submission, and most of the information I did not have that was needed as a Developer or Enterprise Customer submission.
Trojan:Win32/Azden.B!cl
file: gogreenpctuneupinstaller.exe
Submission ID: 8011cf75-4572-4187-90a9-f61d22553a58
Status: Completed
Submitted by: xxxxxxxxxx@mountaincomputers.org
Submitted: Jun 28, 2020 8:31:31 AM
User Opinion: Incorrect detection
Analyst comments:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
more to come...
if you found this article helpful, consider contributing $10, 20 an Andrew Jackson or so..to the author. more authors coming soon
FYI we use paypal or patreon, patreon has 3x the transaction fees, so we don't, not yet.
© 2024 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.