Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, August 31, 2016 3:38 PM | 2 votes
Problem: When I compile my C program in Visual Studio 2015, Norton anti virus removes the executable file Consoleapplication6.exe and or a “virus” it names as Heur.AdvML.B. and my C program will not run.
Question1: Is there really a virus or is there an executable file generated that Norton thinks is a virus?
Question 2: How can I resolve this and get my program running?
All replies (11)
Wednesday, August 31, 2016 3:47 PM ✅Answered
Problem: When I compile my C program in Visual Studio 2015, Norton anti virus removes the executable file Consoleapplication6.exe and or a “virus” it names as Heur.AdvML.B. and my C program will not run.
Question1: Is there really a virus or is there an executable file generated that Norton thinks is a virus?
Question 2: How can I resolve this and get my program running?
It's a mistake by Norton Antivirus. You should be able to set the preference of Norton Antivirus to avoid looking at the folder where you create Visual Studio projects.
Friday, September 2, 2016 3:49 AM ✅Answered
Problem: When I compile my C program in Visual Studio 2015, Norton anti virus removes the executable file Consoleapplication6.exe and or a “virus” it names as Heur.AdvML.B. and my C program will not run.
Question1: Is there really a virus or is there an executable file generated that Norton thinks is a virus?
Question 2: How can I resolve this and get my program running?
Hey Tommy,
If you feel that the file is safe, you can try the steps mentioned here: https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832EN_EndUserProfile_en_us
Thanks
Raj
Norton Support
Sunday, September 25, 2016 4:13 PM ✅Answered
I have a similar experience.
I used MSVC 2015 for quite a time and did never experience any issue like that? But since the update 2 or 3 , I have frequently this NAV heuristic causing trouble. Even for almost empty programs having definitively no suspicious activity.
I first suspected some library to be infected, but sometimes adding a couple of instructions more makes the same programme compiling perfectly well.
Answer 1: although one never can be 100% sure, there is a very high probability that this is a false positive. Try out a scan with another AV, if you're anxious.
Answer 2: There's a nice post from Symantec about this, here: https://community.norton.com/en/comment/7140901#comment-7140901 to show how to exclude your Project folders from the antivirus checks
Remark: with all these wild antiviruses checks, the progamms I trust most, those that I have crafted myself, are now routinely marked as risky (no signature, very new, not many users) when not deleted. Isn't this ironic ?!
Thursday, September 1, 2016 7:56 AM
Hi tommyvolts,
Before starting VS, please disable all anti-virus software. Then run your application to observe whether have issues.
Sincerely,
Oscar
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.
Wednesday, October 5, 2016 3:36 PM
I have had the exact same experience. Never had a problem with Visual Studio 2013. Didn't originally have a problem with VS 2015 but something must have changed in either VS 2015 or Norton. I did a full system scan with Norton and it reported no problems. As soon as I compile and run even an almost empty console application with VS 2015 Norton flags and quarantines the .exe. For me this only happens when in the "Debug" configuration and building a "x86" exe. If I switch to the "Release" configuration and rebuild Norton does not detect anything. Furthermore if I rebuild this program as "x64" no problems are reported for both the "Debug" and "Release" configurations. Very strange that Norton detects a problem in an .exe that basically displays "Hello World!". Also, if I sometimes just add one additional line of code the problem goes away. I uploaded my supposedly "infected" .exe to totalvirus.com and 95% of all virus scanners (I think there were 57) reported no problem, including Malwarebytes, Avast, Kaspersky, and other highly rated virus scanners. Norton was the only well known scanner to report a problem. Those scanners that didn't report a problem can't all be wrong. So I'm just going to assume a false positive.
Friday, October 7, 2016 9:00 AM
Hi rpgarrett,
Just as NortonSupport’s reply, you could report your issue to that site, I think engineers will evaluate this issue seriously.
Sincerely,
Oscar
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.
Saturday, October 8, 2016 12:12 AM
I am having the same problem with two of my programs. I have submitted them to Norton who say they are false positives. I have tried other Anti-Virus programs and they do not detect any problems.
Saturday, October 8, 2016 12:19 AM
Anti virus software vendors are getting desperate to catch all viruses so they do things like throw up new programs as being viruses.
I have been caught out a few times with this. I sent my program to Norton and they added it to their safe list. But no sooner had I updated the program than it showed up as a virus again !
I can see why Microsoft is moving towards apps run in sandboxes.
n.Wright
Tuesday, October 11, 2016 1:36 AM
Problem: When I compile my C program in Visual Studio 2015, Norton anti virus removes the executable file Consoleapplication6.exe and or a “virus” it names as Heur.AdvML.B. and my C program will not run.
Question1: Is there really a virus or is there an executable file generated that Norton thinks is a virus?
Question 2: How can I resolve this and get my program running?
I had this problem when I was creating the MvcMovie core site as per https://docs.asp.net/en/latest/tutorials/first-mvc-app/start-mvc.html
If you follow the exact instructions on the site then your project will have a dll named MvcMovie.dll I'm guessing that maybe someone created a dll with that same name and it turned out to be a virus or malware. So I simply created a project with a unique name (specific to me). For example, I called my project MvcCoreSite. I did not have any issues afterwards.
So to answer your questions:
1. Is there really a virus or is there an executable file generated that Norton thinks is a virus? If by virus you mean is there a DLL or EXE file that has the same name as the one that you created and is malicious - yes that is possible.
2. How can I resolve this and get my program running? To resolve the problem try giving your program a unique name so that your DLLs are not mistaken for a malicious file. If you are following a tutorial (like I was) make sure you replace the namespace with your actual namespace and you're good to go.
Wednesday, September 19, 2018 8:19 AM | 1 vote
I had this problem with Symantec detecting my C# program as Heur.AdvML.B and deleting the executable.
It turned out that the problem was a hard-coded local IP address in the code. I have slightly obfuscated it:
List<string> ipparts = new List<string>() { "192", "168", "1", "102" };
udp = new UDPService(string.Join(".", ipparts), 65001, 65001);
Now my program is fine.
Tuesday, May 5, 2020 2:34 PM
Problem: When I compile my C program in Visual Studio 2015, Norton anti virus removes the executable file Consoleapplication6.exe and or a “virus” it names as Heur.AdvML.B. and my C program will not run.
Question1: Is there really a virus or is there an executable file generated that Norton thinks is a virus?
Question 2: How can I resolve this and get my program running?
It is now May 2020, and this issue still persists between Symmantec and VS 2019 builds. My Platform Toolset is Visual Studio 2019 (v142), and Windows SDK is set to 10.0 (latest installed version) and my network is running the latest Symmantec Endpoint Protection.
Since I work in a corporate environment with a managed A/V, I don't have the option of excluding development folders, and IT would never allow an exclusion on their network. I ran a couple of tests, and it does seem that this issue occurs with x86 Debug builds, but not x64 or Release builds as others had suggested.
I could theoretically try to see if this issue occurs with clang or g++, or older (or newer) versions of the standard libraries or compiler toolset, but I am reluctant to test this fully because it is not fun having to repeatedly explain to IT why I keep getting flagged by Symmantec.
You can't get much simpler than HelloWorld.exe. So what is it about this build that triggers Symmantec? Has anyone done any in-depth testing on this? Is it the VS debugger? Is it the use of certain versions of certain libraries? Does it go away once your build exceeds a certain complexity (as some have suggested)? Are there any compiler flags that will avoid this false positive.
Rather than increasing risk by telling Symmantec to ignore potential threats (even if it is likely a false positive), I'd like to try and configure VS to build something that doesn't trigger Symmantec.
Any thoughts?