Topic: False Positives - AntiVirus failure (False Alert)  (Read 3399 times)

« on: January 17, 2019, 05:33:07 PM »

Lancelot

  • Moderator, Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 10350
Definition:
https://www.merriam-webster.com/dictionary/false%20positive
a result that shows something is present when it really is not

AntiVirus Software:
Mostly AntiVirus Software saying a file is a virus but it really is not.

My Comment:
 If you use an AntiVirus software at home that is set to protect AirPort Secretary computer or children  ( regular user ) or
  You are using any Company computer that is not meant to be a development computer,
   You are quite limited to develop anything including PE.

MS webpages use special naming "technician PC" to underline difference between regular user and developer.
--> A developer does not need Airport Secretary computer protection.  :wink:
----> Using "technician PC" naming simply to avoid admitting False Positives + To avoid writing "Disable your AV"  etc. :lol:

Eg.
A "technician" using "technician PC" ("technician OS") will probably use utilities like
Windows Login Unlocker (Link files)
PassReset
ProduKey (NirSoft)
..
to solve Problems

A regular PC user (eg. AirPort Secretary computer) never needs such utilities,
 and on such a PC there is a potential risk, so AV software rings bells that they are harmful viruses etc. (False Positive)
   A "technician" who fixes or updates a regular PC (eg. AirPort Secretary computer) uses such utilities anyway with "technician OS" (eg. WinPE).   :lol:


Solution:
Before you use any project ( build pe etc etc.)
Put your project folder ( eg. D:\Oven\ ) to your AV Exclusion List
OR
Temporarily disable your AV

Known False Positives on projects around so far:
(let me know if you notice)

* HideRun is not a virus (HideRun.exe etc.)
It has its own topic here with available sourcecodes http://theoven.org/index.php?topic=2040.0

* PinTool.exe is not a virus
written by well-known JFX: http://theoven.org/index.php?topic=1803.0

* AutoIt is not a virus
AU3361.exe -> AutoIT v3.3.6.1
AU3381.exe -> AutoIT v3.3.8.1
AutoIt is a well known Scripting Language
https://www.autoitscript.com/site/

* Imdisk is not a virus
Imdisk is a well known open source ramdisk http://www.ltr-data.se/opencode.html/

* Any software from NirSoft is not a virus (see NirSoft False positive list at the end of current post)

* PECmd.exe is not a virus, is a well known boot loader
http://theoven.org/index.php?topic=2297.0

* GetWaikTools.exe is not a virus, It is a well known utility by JFX
http://theoven.org/index.php?topic=287
http://theoven.org/index.php?topic=287.msg23281#msg23281

* FixScreen.exe is not a virus
Written by JFX & ChrisR :
http://theoven.org/index.php?topic=2245.0

* memtest 5.01 is not a virus
https://www.memtest86.com/

* caffeine is not a virus
http://www.zhornsoftware.co.uk/caffeine/

* Windows Login Unlocker is not a virus
( WLU_x86.exe )
ps: Security/Password software causing false positives is known. See the NirSoft blog/webpage.




*****************************
Here are some other web links with comments from developers:
+
NirSoft open a blog:
Antivirus companies cause a big headache to small developers.
http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
AND
NirSoft gives a list of false positives:
https://www.nirsoft.net/false_positive_report.html

+
Portable Apps gives list of known false positives
https://portableapps.com/support

+
A topic opened for the AutoHotKey application:
It's time to do something about these AutoHotkey antivirus false positives
http://www.donationcoder.com/forum/?topic=15210.0


:turtle:
« Last Edit: June 17, 2020, 01:26:31 PM by Lancelot »
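
A time-boxed version of the exclusion-list solution from the post above, as an added example that is not part of the original thread or of any project named in it. It assumes Microsoft Defender is the active AV (the post does not name one) and an elevated PowerShell session; `D:\Oven` is the sample folder from the post and `build.cmd` is a hypothetical build launcher.

```powershell
#Requires -RunAsAdministrator
# Added example: exclude only the project folder, only for the duration of
# the build, and remove the exclusion afterwards even if the build fails.
# Assumption: Microsoft Defender cmdlets (Get/Add/Remove-MpPreference).

function Invoke-WithDefenderExclusion {
    param(
        [Parameter(Mandatory)] [string]      $ProjectPath,
        [Parameter(Mandatory)] [scriptblock] $Build
    )

    $resolved = (Resolve-Path -LiteralPath $ProjectPath).Path

    # Refuse to exclude an entire drive; the exclusion should cover the
    # project folder and nothing else.
    if ($resolved -eq [System.IO.Path]::GetPathRoot($resolved)) {
        throw "Refusing to exclude a whole drive: $resolved"
    }
    $resolved = $resolved.TrimEnd('\')

    # Only remove the exclusion later if this function was the one that
    # added it, so a pre-existing admin-set exclusion is left untouched.
    $existing  = @((Get-MpPreference).ExclusionPath)
    $addedHere = $existing -notcontains $resolved
    if ($addedHere) {
        Add-MpPreference -ExclusionPath $resolved
    }

    try {
        & $Build
    }
    finally {
        if ($addedHere) {
            Remove-MpPreference -ExclusionPath $resolved
        }
    }
}

# Usage (build.cmd is a hypothetical launcher name):
# Invoke-WithDefenderExclusion -ProjectPath 'D:\Oven' -Build {
#     & 'D:\Oven\build.cmd'
# }
```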

Re: False Positives - AntiVirus failure (False Alert)
« Reply #1 on: June 09, 2019, 05:27:56 PM »

kaiwan

  • Apprentice
  • *
  • Date Registered: Jun 2019
  • Posts: 4
Got this warning from Bitdefender:

The file C:\..\Win10XPE\Projects\Include\x86\AdditionalFiles\Windows\System32\SetWG.exe is infected with Gen:Variant.Jaik.36551 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean

Is this false positive?

Re: False Positives - AntiVirus failure (False Alert)
« Reply #2 on: June 09, 2019, 07:49:21 PM »

James

  • Grand Chef
  • *****
  • Location: USA
  • Date Registered: Dec 2017
  • Posts: 2272
You need to allow an AV exception for the Base (Win10XPE) folder..

Re: False Positives - AntiVirus failure (False Alert)
« Reply #3 on: June 10, 2019, 07:38:55 AM »

kaiwan

Thank you, I have

Re: False Positives - AntiVirus failure (False Alert)
« Reply #4 on: May 24, 2020, 10:22:29 AM »

Lancelot

I feel it is useful to put quote of slore reply 6 http://theoven.org/index.php?topic=3137.msg37568#msg37568 to current topic that will be useful.


About the AV check,

NOTICE: If NTBOOTAUTOFIX, SetupXP, UEfix cause AV alarm, just delete them.

On my side, even JFX's WinNTSetup4.rar causes AV alarm.

Most of them are 3rd-party applications (if worried about this, download from the official site again, or just delete them),
for the system components/features it shouldn't cause that, because they are just file lists in *.script or *.bat.

Re: False Positives - AntiVirus failure (False Alert)
« Reply #5 on: June 07, 2020, 04:26:39 PM »

Lancelot

+ Info:

runuefix.exe
UEfix.exe
imageres.dll

are False-Positive (not Virus) + If your AV deletes them you can still have successful PE

slore is well-known PE developer (Wimbuilder)

More Info:
slore reply 0 http://theoven.org/index.php?topic=3112.msg37103#msg37103

NOTICE: If NTBOOTAUTOFIX, SetupXP, UEfix cause AV alarm, just delete them.

slore reply 369 http://theoven.org/index.php?topic=2390.msg37871#msg37871
Z:\WimBuilder2\vendor\CustomResources\SmallDlls\imageres.dll 81 KB
This file will replace the system one(20.4 MB) when you select the option "use small imageres.dll" in Slim patch.
When you want to create a 100MB or smaller PE, you need the file to make the boot.wim smaller without losing any features (just ugly icon/image display)


slore Reply 375 http://theoven.org/index.php?topic=2390.msg37894#msg37894
info about runuefix.exe UEfix.exe
They come from another PE. They are batch2exe or AutoIt scripts, and only in Chinese language.
They are sample program files, so I will remove them later.
I try to find some good maintain portable tools.


:turtle:
