When I was working on this program, I did a Make at one point to sanity-check the syntax after some changes I had made in the Worker Project here. This triggered Defender (Windows 10 2004):
Trojan:Win32/Vibem.C
The application consists of 2 Projects, Client.vbp and Worker.vbp, which work together.
Client.exe starts an instance of Worker.exe, they rendezvous via broadcasts of a custom registered window message, and then they communicate further using WM_COPYDATA and a few application messages numbered starting at WM_APP.
Worker simulates a long-running background workload. It gets a count of desired rows and columns, creates a 2D Double array, and fills it with Rnd() values. To simulate a slow crunching activity it calls Sleep(1000) after each row, and it reports progress and checks for a Cancel indication from Client. Finally, if not canceled, it returns the array contents to Client, where the values are displayed in a grid control.
Seems like pretty generic stuff, really.
So why did this trigger a malware warning? Why did this go away after making a few more changes?
Any ideas?
I'd like to think that it was merely due to chance that something in the compiled program matched a malware signature. A "something" that was no longer there after more program changes.
The problem did not occur until I added the use of my WM_APP_SYNC message. That's probably mere coincidence though since the working "non-offending" programs work fine and Defender doesn't cry at all.