Antivirus software has the challenging task of identifying malware infected files from a large total number of files on computer systems. No antivirus software will identify all current and past computer malware with a 100% detection rate. Sometimes even perfectly valid application files are mistakenly recognized by one or several antivirus software products as a false positive.
So how to determine if a zenon application file actually is infected, contains malicious content and the identified threat is real or a if the antivirus software incorrectly detects the software as malware infected?
One way is to check the file properties. Whether the file is digitally signed, which certificate was used to sign the file and if the digital signature is valid or not, can be verified by checking the file properties using Windows Explorer.
All executable zenon application files are digitally signed using a code signing certificate issued to "Ing. Punzenberger COPA-DATA GmbH" by an intermediate signing certificate "Symantec Class 3 SHA256 Code Signing CA" which in its turn is issued by a "VeriSign Class 3 Public Primary Certification Authority - G5" root certificate.
If the file is unmodified the digital signature will be valid. If however the file has been modified and malware has been attached, or the file has been replaced, the digital signature will be invalid and will be displayed accordingly in Windows Explorer. A missing or invalid digital signature or a digital signature that is not issued to "Ing. Punzenberger COPA-DATA GmbH" can be a good indicator that this file actually is a malicious file. Do make sure to always validate the complete chain of trust back to the root certifcate and ask for help from COPA-DATA if you are unsure of how to establish this.
In case the digital signature and the chain of trust appear valid there may still be doubt. In this case uploading the affected file to a website called "virustotal" may give an additional indication if the file has malicious content or not. When there are still doubts, you can always contact your local COPA-DATA support for additional verification.
If your antivirus software has mistakenly detected zenon application files as malware this may have a negative impact. Apart from a notification by the antivirus software, the zenon application may produce an error message, have a reduced functionality or even completely fail to start.
Depending on the action that the antivirus software takes after detecting a malware this can have a different impact. Antivirus software applications may prevent access to the file or move the file to a safe location, sometimes referred to quarantine. Antivirus software products often provide a mechanism to restore the detected file to its original location or to unblock the file, in case of a false positive.
COPA-DATA can contact antivirus software vendors on your behalf to provide guarantee that a false positive is in fact a valid software application. After this fact has been established, usually an update of the antivirus software signature database will remove the false positive detection by the antivirus software.