
Thread: Prevent AntiVirus From Identifying VB exe as a Threat

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2018
    Posts
    805

    Prevent AntiVirus From Identifying VB exe as a Threat

    Our company recently was the target of a ransomware hack that brought our computer system down for more than two weeks.

    They have made many changes to help prevent this from happening again.
    One of those changes was employing a new antivirus.

    This one labels every VB created exe a threat, and immediately quarantines it.

    What is a workaround to this problem?

  2. #2
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    7,654

    Re: Prevent AntiVirus From Identifying VB exe as a Threat

    Whitelist the vb6 project folders. Then perhaps sign the exes after build? Sometimes the overzealous 'all vb6 is malware' (some take it further and flag any 32bit exe) engines will let signed binaries through. A company likely has or can get a better cert than selfsign, if that doesn't work. Submitting samples to the vendor's false positive contact might help too.

    Of course I suspect you know my favorite answer... don't use VB6, import the project to twinBASIC. Not that tB is completely immune from false positives, especially with 'flag all 32bit' and 'flag all unrecognized' rules some obnoxious engines use, but it does avoid the bad reputation of VB6 exes.

  3. #3
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,668

    Re: Prevent AntiVirus From Identifying VB exe as a Threat

    Each anti virus has its own peculiarities. For Windows Defender see:
    https://learn.microsoft.com/en-us/de...nder-antivirus

    For older operating systems you can access Defender Settings via the Control panel. For Win 11:
    "To exclude a folder from Windows Defender, navigate to Windows Security > Virus & threat protection > Manage settings > Add or remove exclusions. Click "Add an exclusion," select "Folder," and choose the folder to ignore."

    I personally have run across only 1 VB6 program that causes a problem with Windows Defender, and that program manipulates the Desktop screen. On my developer machine I exclude the entire VB6 Utility directory.

    J.A. Coutts

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2018
    Posts
    805

    Re: Prevent AntiVirus From Identifying VB exe as a Threat

    OK, thanks for the pointers.
    Hopefully I can get this resolved.

  5. #5
    Hyperactive Member
    Join Date
    Mar 2009
    Posts
    264

    Re: Prevent AntiVirus From Identifying VB exe as a Threat

    We had this problem years ago too, we dumped the anti-virus as it wasn't good anyway.
    BUT, the workaround is digitally signing each of your applications, but this does cost you extra money each year to renew the certificate (as sadly there is no free Let's Encrypt for code signing certificates).

  6. #6
    Member
    Join Date
    May 2018
    Posts
    54

    Re: Prevent AntiVirus From Identifying VB exe as a Threat

    I came across this years ago. Unfortunately by their nature most VB6 executables will not be in common enough use to have any known 'safe' version for an AV engine to profile against. And the heuristics (particularly if a minor change happens to an already unusual file) often will jump straight to it being malware.

    Easiest workaround is just to whitelist the folder, and convince your client that this is operationally necessary.
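
The "sign the exes after build" suggestion from posts #2 and #5, as an added example that is not part of the original thread: a post-build PowerShell step that signs the build output, re-checks each signature, and records the SHA-256 a vendor false-positive submission or a hash-based allow rule would need. The build folder, the certificate store location and the timestamp URL are assumptions.

```powershell
# Added example: sign VB6 build output, then confirm each signature validates.
# Assumptions: $BuildDir, the Cert:\CurrentUser\My store and $TimestampUrl are placeholders.
param(
    [string]$BuildDir     = 'C:\Builds\MyVb6App',            # hypothetical build output folder
    [string]$TimestampUrl = 'http://timestamp.example.test'  # placeholder: your CA's timestamp URL
)

$ErrorActionPreference = 'Stop'

# Pick an unexpired code-signing certificate that has a private key.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code-signing certificate found in Cert:\CurrentUser\My' }

$failed = @()
foreach ($file in Get-ChildItem -Path $BuildDir -Recurse -Include *.exe, *.dll, *.ocx -File) {
    # Timestamping keeps the signature verifiable after the certificate expires.
    Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null

    # Re-read the signature from disk instead of trusting the signing call's result.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File        = $file.Name
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Timestamped = [bool]$sig.TimeStamperCertificate
        SHA256      = (Get-FileHash $file.FullName -Algorithm SHA256).Hash
    }
    # A self-signed or untrusted certificate shows up here as a non-Valid status.
    if ($sig.Status -ne 'Valid' -or -not $sig.TimeStamperCertificate) {
        $failed += $file.FullName
    }
}

# Fail the build so an unsigned or untrusted binary is never shipped.
if ($failed) { throw "Signature not valid or not timestamped: $($failed -join ', ')" }
```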
