Software Quarantine: Prevention Guide

TL;DR

Your software gets quarantined because anti-virus or other security tools think it’s dodgy. This guide shows you how to build and package your software so it’s less likely to be flagged, covering code signing, common pitfalls, testing, and submission processes.

How to Avoid Software Quarantine

1. Code Signing: Your Digital Signature
   • This is the most important step. Code signing proves your software comes from you and hasn’t been tampered with.
   • You’ll need a code signing certificate from a trusted Certificate Authority (CA). Costs vary, but it’s an essential expense.
   • Sign *all* executable files, libraries (.dlls), drivers, and installers. Don’t skip anything!
   • Tools like Signtool (part of the Windows SDK) are used for signing:

     signtool sign /f your_certificate.pfx /p your_password /t http://timestamp.digicert.com your_executable.exe

2. Avoid Common Quarantine Triggers
   • Packed/Obfuscated Code: Anti-virus often flags packed or obfuscated code as suspicious, even if it’s harmless. Avoid unless absolutely necessary.
   • Unusual File Names & Paths: Stick to standard naming conventions. Avoid random strings or overly long paths.
   • Network Connections: If your software connects to the internet, be transparent about it. Clearly state this during installation and in documentation.
   • Self-Modifying Code: Code that changes itself at runtime is a big red flag. Avoid if possible.
   • Embedded Resources: Be careful with embedded resources (images, data files). Ensure they are legitimate and don’t contain malicious code.
3. Reputation Building – Start Small
   • Before a large release, submit your software to VirusTotal (https://www.virustotal.com) to check its reputation with multiple anti-virus engines.
   • Release early versions to a small group of trusted testers (beta program).
   • Encourage users to submit false positive reports to the relevant anti-virus vendors if your software is incorrectly flagged.
4. Installer Best Practices
   • Use reputable installer frameworks like Inno Setup, NSIS or WiX. These are well-known and less likely to trigger alarms.
   • Avoid bundling unwanted software (bloatware). This is a common cause of quarantine.
   • Clearly display your company name and website in the installer.
   • Ensure your uninstaller cleanly removes all files and registry entries.
5. Testing, Testing, Testing
   • Test your software on multiple anti-virus platforms (Windows Defender, Avast, Bitdefender, etc.). Use virtual machines for clean testing environments.
   • Scan all components with a variety of cyber security tools *before* signing.
   • Automate scans as part of your build process if possible.
6. Submission to Anti-Virus Vendors
   • Most major anti-virus vendors have submission portals where you can submit your software for analysis. This helps them learn about legitimate applications.
   • Provide detailed information about your software, its functionality, and any known false positives.
   • Be patient – it can take time for vendors to analyze your submission.

Important Note: Even with all these precautions, there’s no guarantee your software won’t be quarantined. False positives happen. The key is to minimize the risk and have a plan in place to address them quickly.