How To Unlock Executable Path

vigil

Hi again, I'm very annoyed of how Bitdefender I.S.'16 behaves, it is a total broken antivirus software, not very user friendly and less programmer friendly.

I write using Delphi or Lazarus, and in many oportunities your antivirus keeps detecting my recently compiled executables, e.g. mixing Graphics32 latest trunk version with WinaAPI oleacc calls.

Detecting as virus, I cannot send you a false positive sample since I can't even restore it.

So I have to give you some details and hope you take your time to test it:

- I installed Lazarus latest 1.6 RC1 32bits

- I also installed Graphics32 latest trunk commit

svn checkout svn://svn.code.sf.net/p/graphics32/code/trunk graphics32-code it is rev 2208

If you can't install it since it is tricky.

From within Lazarus IDE create a new empty project.

And from packages menu open the .lpk as follows:

First open GR32_Lazarus.lpk then in the new dialog window choose use button (it looks like a thunder symbol) and chose "add to the project" option, since the install button is disabled.

After that without closing anything open again the another .lpk package from the same menu, the packages name is GR32_DSGN_Lazarus.lpk, now there will be a install option which will recompile lazarus to include this new package.

- I imported oleacc definitions using Delphi's TLIBIMP command line tool from within my project's path:

tlibimp -Hs- -Hr- -Ftoleacc -Ps- -O- %systemroot%\SYSTEM32\OLEACC.DLL

It will create oleacc.pas which is not really compatible with lazarus, but we only need the IAccessible method so removing STDVCL from this source code it will be enough.

Now, when I create a simple call to oleacc.pas function (specifically AccessibleObjectFromWindow) from my project it works fine, but when I add a timage32 object (from graphics32), and compiling it, Bitdefender detects it as a virus:

Gen:\Variant.Symmi.22317. which obviously is not, furthermore, if I don't call that oleacc function and only want to show the graphics32 image it works normally, Bitdefender doesn't detect any threat.

This is my call example using Delphi or Lazarus:

Res := AccessibleObjectFromWindow(HWND, 0, IID_IAccessible, Acc);

where HWND is my another application's window handle, so I can test accessibility (MSAA) in my other application GUI.

SO; returning to my original question (title), How do I unlock my project's directory to allow writing my executable again?

It is very frustrating to keep moving my source code from my original (even using .git) path to another just to recompile again, and bitdefender blocking it again.

The worst thing is that if I restore my application, and I remove it using command line (del myapplication.exe) next time I compile without modifying my code (even to just a hello world example) bitdefender will not allow to write my new executable. Previous versions of Bitdefender was better in this scenario, i.e. if I removed manually that executable I was able to use that directory again.

Please don't ignore my question, I don't need you to review my false positives, since I am pretty sure they're not, because I code it myself, and I just want to know how to unlock my affected directories, because Lazarus / Delphi compiles executables into a static location, and changing names or moving to another directory everytime Bitdefender detects them as FalsePosivites locking my executable's path is very frustrating and time consuming.

Offtopic: I don't know why Antivirus software keeps threating delphi/lazarus executables, like Avast now your Bitdefender, and maybe others. Delphi is not a virus, Winrar, InnoSetup, FL Studio, and many other famous applications are written with it.

vigil

Never mind, I'm switching to Kaspersky.