I'm an amateur programmer, and I'm getting desperate and mad because of a big issue: most of my programs are blocked by avast anti-virus, while some aren't, and I don't understand why. The more I try to investigate, the less I understand what the problem could be.

我是一名业余程序员，因为一个大问题，我感到绝望和生气：我的大多数程序都被 avast 防病毒软件阻止，而有些则没有，我不明白为什么。我尝试调查的次数越多，我就越不了解问题所在。

I'm requesting your help to find a solution so that my programs are no longer blocked, or, as a default, at least some strong clues that would explain why it might be the case. There are already many topics about that on the web. However, most of them give only superficial answers: they just explain how anti-virus works with signatures and detection heuristics, or state that you just have to add the offending application in the white list without asking any other question. While it is certainly correct, it's not acceptable answers in my sens, because I'm still left with my own programs that refuse to work without any concrete idea to start investigating.

我请求您帮助找到解决方案，以便我的程序不再被阻止，或者，作为默认设置，至少有一些强有力的线索可以解释为什么会出现这种情况。网络上已经有很多关于它的主题。然而，他们中的大多数人只给出了肤浅的答案：他们只是解释了防病毒如何与签名和检测启发式一起工作，或者声明您只需将有问题的应用程序添加到白名单中而不问任何其他问题。虽然它肯定是正确的，但在我看来这不是可接受的答案，因为我仍然保留自己的程序，这些程序在没有任何具体想法开始调查的情况下拒绝工作。

First of all, the only anti-virus that blocks my programs is avast 7.x. No other anti-virus see any inconvenient to run my software. Secondly, I haven't avast myself; it is installed on a friend's machine. I have windows 7, he has windows XP. I'm completely sure that the problem is avast only: when it is temporarily disabled, or if the program is added to its white list, everything works nicely as expected.

首先，阻止我的程序的唯一防病毒软件是 avast 7.x。没有其他杀毒软件看到有什么不便运行我的软件。其次，我没有放弃自己；它安装在朋友的机器上。我有 windows 7，他有 windows XP。我完全确定问题只是avast：当它被暂时禁用时，或者如果程序被添加到其白名单中，一切都按预期运行良好。

Three different programs are in trouble :

三个不同的程序有问题：

• A text editor, with the goal to replace windows notepad while keeping simple, efficient and customizable
• A small amateur audio player very simple to use
• The client program of an online game platform, currently having more than 1000 users

• 一个文本编辑器，旨在取代 windows 记事本，同时保持简单、高效和可定制
• 一个非常简单易用的小型业余音频播放器
• 某网络游戏平台客户端程序，目前用户已超过1000人

The first one is open source, I can give a link to the executable and the source code if needed. The two others are closed source but free to use, I can give a link to the executable of the current version only. the only obvious common things between these three programs are me as a developer, my windows 7 machine that compiled them, the compiler family which is MinGW/GCC, and they are all win32 GUI applications without any framework (no MFC, no WPF, no QT, WXWidgets or whatever; just pure win32/C GUI applications)

第一个是开源的，如果需要，我可以提供可执行文件和源代码的链接。另外两个是封闭源代码但可以免费使用，我只能提供指向当前版本的可执行文件的链接。这三个程序之间唯一明显的共同点是我作为开发人员，编译它们的 Windows 7 机器，编译器家族是 MinGW/GCC，它们都是没有任何框架的 win32 GUI 应用程序（没有 MFC，没有 WPF，没有QT、WXWidgets 或其他什么；只是纯 win32/C GUI 应用程序）

Here are my observations and though so far :

这是我的观察结果，尽管到目前为止：

• Versions 1.1, 1.2.1 and 1.3 of my text editor are blocked. They are in C not C++, have been compiled with GCC 3.4.5 in unicode mode, and are distributed in portable zip files (by portable, I simply mean no installer and no installation needed)
• Version 1.4.1 of the same text editor isn't blocked. It has been compiled with GCC 4.7.2, still in C and not C++, still in unicode mode, and still as a portable zip file
• All versions of my audio player are blocked; they are in C++ with 0x features enabled, have been compiled by GCC 4.7.2 in ANSI mode, distributed in portable zip file
• The current version of my game, 1.7.2, isn't blocked. it is in C, has been compiled with GCC 3.4.5 in ANSI mode, and is distributed as an inno-setup 5 installer.
• The new version of my game, 2.0.0, which is currently a private beta, is blocked. It is in C++ with 0x features enabled, has been compiled with GCC 4.7.2 in unicode mode. I share it with my private beta-testing team as zip files within a private dropbox folder

• 我的文本编辑器的 1.1、1.2.1 和 1.3 版本被阻止。它们使用 C 而不是 C++，已在 unicode 模式下使用 GCC 3.4.5 编译，并以可移植的 zip 文件分发（通过可移植，我只是指无需安装程序和无需安装）
• 同一文本编辑器的 1.4.1 版不会被阻止。它已经用 GCC 4.7.2 编译，仍然是 C 而不是 C++，仍然是 unicode 模式，仍然是一个可移植的 zip 文件
• 我的音频播放器的所有版本都被屏蔽了；它们在 C++ 中启用了 0x 功能，已在 ANSI 模式下由 GCC 4.7.2 编译，以可移植的 zip 文件分发
• 我的游戏的当前版本 1.7.2 没有被阻止。它是 C 语言，已在 ANSI 模式下使用 GCC 3.4.5 编译，并作为 inno-setup 5 安装程序分发。
• 我的游戏的新版本 2.0.0 目前是私人测试版，已被阻止。它在 C++ 中启用了 0x 功能，已在 unicode 模式下使用 GCC 4.7.2 编译。我与我的私人 Beta 测试团队共享它作为私人保管箱文件夹中的 zip 文件

The problem is caused by avast 7.x auto-sandbox. The following happens when one try to start a program disliked by avast :

该问题是由 avast 7.x 自动沙盒引起的。当您尝试启动 avast 不喜欢的程序时，会发生以下情况：

1. The user double-click or hit enter on the executable
2. The program starts but is almost instantaneously and forcibly crashed by avast
3. A pop-up appears and says something like: avast has put this program into his sandbox because his reputation is low
4. IF one click on the continue button of the pop-up, the execution of the program is restarted and works normally
5. If one don't click on the continue button, windows explorer freezes, the executable remain in the task manager and invariably use 76 KB of RAM while being impossible to kill; finally after about 5 minutes, windows explorer unfreezes, the program is restarted and works normally

1. 用户双击可执行文件或按 Enter 键
2. 程序启动但几乎是瞬间被avast强行崩溃
3. 出现一个弹出窗口，内容如下：avast 已将此程序放入他的沙箱中，因为他的声誉很低
4. 如果点击弹窗的继续按钮，程序重新开始执行并正常运行
5. 如果不点击继续按钮，Windows 资源管理器会死机，可执行文件仍保留在任务管理器中，并且始终使用 76 KB 的 RAM 而无法杀死；最后大约 5 分钟后，Windows 资源管理器解冻，程序重新启动并正常运行

This is unacceptable. newbie users of my program, especially the game, don't know how anti-virus works; don't know how to put it into the white list and why it will unblock it; don't know how to change settings of their anti-virus; if they see the pop-up, wont understand it and will end up being afraid or disappointed because they can't play without knowing why; and if they don't see the pop-up, I can't expect them to wait 5 minutes with a half-freezing computer. each time they want to play.

这是无法接受的。我的程序，尤其是游戏的新手用户，不知道防病毒是如何工作的；不知道怎么加入白名单，为什么会解封；不知道如何更改他们的防病毒设置；如果他们看到弹出窗口，不会理解它，最终会害怕或失望，因为他们不知道为什么就不能玩；如果他们没有看到弹出窗口，我不能指望他们用半冻结的计算机等待 5 分钟。每次他们想玩。

From there, I made the following deductions :

从那里，我做了以下推论：

• My machine isn't itself infected and no virus is injected into the executables I distribute; otherwise, all recent programs would be blocked; I have two which are (my player and the new version of my game), while one is not (the latest version of my text editor). The 1.7.2 of the game has been compiled in march 2012, while the 1.4.1 of the text editor is from October 2012.
• The newest version of GCC 4.7.2 is not in cause, by the same reasoning; same for ANSI vs unicode compiling.
• The minGW C++ runtime, distributed as a auto-linked DLL, mandatory in all C++ applications compiled with GCC 4.7.2, is probably not the cause, because many well known programs use it; and my text editor is blocked and is in C, and thus don't use it.
• My audio player and my game have the audio library in common; this later is not the cause, because the version 1.7.2 of my game works and the newest private beta not. And of course, that audio library is also used in many other known or less known applications that aren't blocked.
• Both the player and the game access the network using winsock; so by the same reasoning, it's not the cause either
• IF it really were the reputation thing of avast, why the version 1.4.1 of my text editor, which is not blocked, has only been downloaded around 70 times, while the version 1.3 which is blocked has been downloaded more than 300 times ? IT looks completely illogical. Is 70 users sufficient to claim something about reputation ? Is it more with 300 users ? I really don't think so... probably a critical mass of a dozens thousands users is necessary.

• 我的机器本身没有被感染，我分发的可执行文件中也没有注入病毒；否则，所有最近的程序都将被阻止；我有两个是（我的播放器和我的游戏的新版本），而一个不是（我的文本编辑器的最新版本）。游戏的1.7.2是2012年3月编译的，而文本编辑器的1.4.1是2012年10月的。
• 出于同样的原因，最新版本的 GCC 4.7.2 没有出现；ANSI 与 unicode 编译相同。
• minGW C++ 运行时作为自动链接的 DLL 分发，在使用 GCC 4.7.2 编译的所有 C++ 应用程序中都是必需的，这可能不是原因，因为许多知名程序都使用它；并且我的文本编辑器被阻止并且使用 C 语言，因此不要使用它。
• 我的音频播放器和我的游戏有共同的音频库；这不是原因，因为我的游戏版本 1.7.2 有效，而最新的私人测试版无效。当然，该音频库还用于许多其他已知或鲜为人知的未被阻止的应用程序。
• 玩家和游戏都使用winsock访问网络；所以同理，这也不是原因
• 如果真的是avast的名声，为什么我的文本编辑器没有被屏蔽的1.4.1版本只下载了70次左右，而被屏蔽的1.3版本却被下载了300多次？它看起来完全不合逻辑。70 个用户足以声称声誉吗？300 个用户会更多吗？我真的不这么认为......可能需要数十万用户的临界质量。

Additionally to that, I also though that the fact I'm distributing my programs as portable zip files may be a reason for avast to block, and conversely, the fact that a program is well installed in program files may be a reason to trust it more. So I made a simple experience: I compiled a new inno-setup 5 installer for the beta 2.0.0 of my game, as well as one for the version 1.3 of my text editor, and discover that the installers themselves were blocked !

除此之外，我还认为我将我的程序作为便携式 zip 文件分发的事实可能是 avast 阻止的一个原因，相反，程序安装在程序文件中的事实可能是信任它的一个原因更多的。所以我做了一个简单的体验：我为我的游戏测试版 2.0.0 和我的文本编辑器 1.3 版本编译了一个新的 inno-setup 5 安装程序，并发现安装程序本身被阻止了！

I made another experience with my friend, where I tried to find exactly the place where the programs crash, based on using MessageBeep (MessageBox is also blocked !). I didn't noticed anything problematic. The game is blocked when SetDlgItemText is called for the first time in the login dialog box, but if I remove all SetDlgItemText it is blocked further down. IN the text editor, it is blocked while populating the menu bar...

我和我的朋友做了另一个体验，在那里我试图找到程序崩溃的确切位置，基于使用 MessageBeep（MessageBox 也被阻止了！）。我没有注意到任何问题。当第一次在登录对话框中调用 SetDlgItemText 时，游戏被阻止，但如果我删除所有 SetDlgItemText，它会被进一步阻止。在文本编辑器中，它在填充菜单栏时被阻止...

My conclusion is, there is something that avast don't like in the new version of my game, in the old versions of my text editor, and in my audio player. Something that is absent in the newest version of my text editor. What could it be ? Do you have any clue ? Do you have only an idea on how I could proceed to find what it is so that I can hope to fix it ? Is there only a way to analyse such a problem, or is the hole world screwed by avast?

我的结论是，在我的游戏的新版本、我的文本编辑器的旧版本和我的音频播放器中，有些东西是 avast 不喜欢的。我的文本编辑器的最新版本中没有的东西。会是什么呢 ？你有什么线索吗？您是否只知道我如何才能找到它是什么，以便我可以希望修复它？这样的问题是只有分析方法，还是被avast搞砸了洞世界？

Note that I'm a single person and not a company, all those programs are free to use, I have not pay any IDE to develop them, and I'm not paid by the users when they use them, so I assume that a certificate is probably not affordable at all. Moreover, I don't know if it's a true solution, how to sign an application compiled with GCC, and I really don't want to switch to an "usine à gaz" like MSVC. I would prefer strongly forget that option if there is any other solution, even a very dirty one.

请注意，我是一个人而不是公司，所有这些程序都是免费使用的，我没有支付任何 IDE 来开发它们，而且用户使用它们时我也没有支付费用，所以我假设证书可能根本负担不起。而且，我不知道这是否是真正的解决方案，如何对用GCC编译的应用程序进行签名，我真的不想切换到像MSVC这样的“usine à gaz”。如果有任何其他解决方案，即使是非常脏的解决方案，我宁愿强烈忘记该选项。

Thank you for reading.

感谢您的阅读。