How to Exclude your Dynamic from Virus Scan

We have written before about the different reasons why Dynamic may get flagged as a false positive on virus scans. Few things can be as annoying as coming back to your work computer and finding that your shortcut has disappeared because an anti-virus application decided your software is not safe for you to use.

Dynamic has certain built-in features which can trigger anti-virus software diagnostics to make false positive matches. These include:

  • Quick Update – Dynamic makes it easy for users to update their software over the internet. This is a great time-saving feature, and guarantees that the most recent update is only a click away, without relying on specialized IT support.  However, anti-virus software designers tend to take a dim view of software with download capabilities.  The zip file (it’s always a zip file) is described as a “payload” and because it originates on the internet, automatically defined as malicious. Well, it’s not.
  • Bundled file distribution – Dynamic applications act like self-extracting zip files, containing everything they need to go operational immediately. This means that when you run a Dynamic executable file in a folder, it will immediately create any missing files, such as the DLLs (dynamic link libraries) used to supply run-time functionality. This feature allows smaller and faster updates, and only writes to the local folder. Much the same as with the Quick Update feature, anti-virus software designers unfortunately tend to take a dim view of software with self-extracting capabilities. These files are extracted silently in the background. And only to the local folder.
  • Microsoft Windows Outlook integration – Dynamic provides Microsoft Outlook integration.  Dynamic sends email through Outlook.  The local user gets to use their own primary email account as the Dynamic sender account. Outgoing mail can be seen in the Outbox and Sent Items. Again, anti-virus software designers tend to take a dim view of software with Outlook integration capabilities. This is typically flagged as MachineLearning. 🙂
  • PDF document generation creates new content. Client Billing documents, such as invoices, are generated at a speed of approximately one every 3 seconds. These documents are written to the %documents% folder. However, certain anti-virus software considers this malicious activity and blocks the creation of the PDF.
AVAST Anti-virus interferes with file creation

Dynamic installs into a single folder, typically c:\Dynamic\mylawfirm, and places its required files and folders there. Specifically, no registry keys are written or read.

It should be noted that a common threat detection mechanism is to scan for files which did not originate on the local computer. This is done by scanning the “data stream” of each file. As Dynamic software is internet delivered, this is a telltale sign that the files are indeed foreign. But not malicious.

Once operational, Dynamic creates folders for each matter in the Documents user folder. Again, no registry keys are written or read.

Windows Defender False Positive

Note that this screen grab shows the same target, identified by Windows Defender as three different threats.

Add an exclusion to Windows Security

Set Windows Defender Exclusions

Since May 2019 we noticed increased instances of false positive detection by Windows Defender. This coincides with Windows 10 Updates.
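
One way to set the Windows Defender exclusion from PowerShell, as an added example that is not the vendor's own script: it lists the executables and DLLs in the install folder with their download-origin data stream, signature status and SHA-256 hash, then excludes only that folder. The install path is the article's typical example and the baseline file name is an assumption.

```powershell
# Added example (not the vendor's script). Run in an elevated PowerShell session.
# Assumption: the install folder is the article's typical path; adjust to yours.
$InstallDir = 'C:\Dynamic\mylawfirm'
# Assumption: hypothetical location for the baseline report.
$Baseline   = Join-Path $env:ProgramData 'dynamic-exclusion-baseline.csv'

# 1. Inventory every executable and DLL before the folder stops being scanned.
$report = @(Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $file = $_
        # Zone.Identifier is the NTFS alternate data stream Windows attaches to
        # downloaded files; assumed to be the "data stream" the article means.
        $zoneId = $null
        if (Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue) {
            $match = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier |
                Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
            if ($match) { $zoneId = [int]$match.Matches[0].Groups[1].Value }
        }
        [pscustomobject]@{
            File      = $file.FullName
            ZoneId    = $zoneId   # 3 = Internet zone, empty = no download mark
            Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    })

$report | Format-Table File, ZoneId, Signature -AutoSize
$report | Export-Csv -LiteralPath $Baseline -NoTypeInformation

# 2. Stop if any signed file no longer matches its signature (modified after signing).
$tampered = $report | Where-Object { $_.Signature -eq 'HashMismatch' }
if ($tampered) {
    throw "Signature hash mismatch, not excluding: $($tampered.File -join ', ')"
}

# 3. Exclude only the install folder, then confirm what Defender has recorded.
Add-MpPreference -ExclusionPath $InstallDir
(Get-MpPreference).ExclusionPath | Where-Object { $_ -eq $InstallDir }
```

Re-running step 1 after each Quick Update and comparing the hashes with the baseline shows which files changed, since Defender no longer scans the excluded folder.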

Other anti-virus applications that are known to react very harshly to our products include Kaspersky, Norton, Avira and Avast. Please set exceptions. Do not Quarantine or Delete, just Allow Always.

We have taken remedial action to safeguard the relevant modules.  This seems to make Windows Defender happy and has reduced the number of false positive hits.  Users are encouraged to use the Quick Update feature and use at least version 2.0.1.76.

Our software is scanned by Eset’s Nod32 and Malwarebytes prior to release.

https://www.eset.com/

https://www.malwarebytes.com/

If you do have problems, we would like to hear from you.

-Dynamic
