Winstep

Software Technologies


 Winstep Forums


 Post subject: Updates
Posted: Fri Dec 15, 2023 3:13 am

Joined: Mon Jul 17, 2023 10:53 pm
Posts: 11
I am not sure if you submit your new versions of software to antivirus companies before you roll them out?

Eg:
- http://www.virustotal.com/gui/home/upload
- whitelist.kaspersky.com/whitelist_program
- submit.symantec.com/whitelist/

I run corporate-level antivirus (Xcitium) which has a security function called "zero dwell containment". (I have reached out to Xcitium to get the details of their whitelist program.)

This function adds a very interesting new layer of protection against potential viruses/trojans/malware.

What it does is contain any unknown software into a "container" using virtualization technology, isolating the unknown software and any activity from the remainder of the computer system.

Unknown programs are still allowed to operate within their own container; however, they are monitored for behavior consistent with malicious activity and also limited in that all blocks the software writes to any drives are stored as a different version which are presented as the hierarchical file structure for all impacted drives under C:\VTRoot\{Drive Volume}\{path...}\...

Outside the containment all files/blocks remain untouched by the contained software so even in the event of an infection, all malicious activity is contained and the malicious software is dealt with.

A summary explanation: www.youtube.com/watch?v=Frx52YMHZ24

I have an additional subscription that submits any unknown software to the Xcitium security team for analysis, in which an outcome is determined in a day or two; however, with your software it poses some inconvenience, as follows:

The recent upgrade to your software rendered the upgrade as unknown, placing them into containment.

Any software called by your docks is also opened into the container (which makes zero-dwell containment more aggressive than usual circumstances).
Due to this I could not use your docks for a couple of days, as a lot of the software I use them to launch is systems/network administration.

My workaround is to leave updates for your software to a Friday night (the Xcitium security team works 24/7) and hope I don't get any calls for technical work over the weekend.


 Post subject: Re: Updates
Posted: Fri Dec 15, 2023 3:22 am
Site Admin

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 11936
Gavin D Staveley wrote:
I am not sure if you submit your new versions of software to antivirus companies before you roll them out?


No. That would be a nightmare.

Below I'm going to paste what I wrote to another user that had problems with the software because of Norton (which I suspect is also using a kind of 'reputation' based scheme):

I grew pretty skeptical of most anti-virus software over the years, as many of them just end up causing more problems than they actually solve, especially when they employ simplistic solutions to very complex problems (and end up throwing the baby out with the bath water).

For instance, when the ransomware craze started some AV engines decided that ANY software writing to ANY folder under Public Documents (perfectly legit folder to store data) could only be malware trying to encrypt user data (!). As if that is not bad enough, they would then SILENTLY (i.e. without telling the user what they were doing) prevent the application from writing to its own data folders, which would obviously break it while leaving the user totally clueless as to why that particular application was no longer working properly (must be a bug in the application itself, right? Lol).

You even have a real life example from this user HERE where BitDefender decided to QUARANTINE Explorer.exe (!) because he was using Windows Explorer to delete some files in the Documents folder!

Others would flag ANY software that used a specific (and very legal) Windows API to check on user keystrokes as Keyloggers (Winstep software, for instance, uses this API call to detect keyboard activations of docks, to launch items via a hot key, etc). Not every application listening in on user keystrokes is a keylogger as doing this can have a multitude of legit purposes, but some of these AV engines seem to think they can only be up to no good.

Then you have obscure newcomers like Bkav Pro down at VirusTotal, which is Vietnamese or Russian, not quite sure. I really have no idea why VirusTotal includes such unknown and flawed engines, as Bkav Pro apparently keeps flagging EVERYTHING as suspicious or malware lol. I really think VirusTotal should exclude certain engines if their false positive rates exceed a certain threshold.

Personally I use ESET Smart Security and I am very happy with them, it never did any of the silly stuff I mentioned above (and whenever you hear news about new malware findings, etc, you will probably see ESET mentioned in the news as well, as they are at the forefront of IT security). And no, I’m not a shareholder for ESET lol

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


 Post subject: Re: Updates
Posted: Sat Dec 16, 2023 1:31 am
Global Moderator

Joined: Sat Apr 07, 2018 7:19 pm
Posts: 2359
Location: Here, there, and everywhere
AV programmes generally are a total nightmare. I have stuck with ESET for years and never have had any silly things going on with it - indeed, it's always behaved perfectly and is the only AV I'd consider at present. (In addition, my VPN, email, and browsers already stop a lot of nonsense coming down the wire.) As an aside, ESET can also be found much more cheaply than its regular price by looking around, and more cheaply than many competitors.

ESET is proof if needed that if AV apps are done properly in the first place, there's no need for any further messy intervention from third party app creators. The very idea that it should be up to a third party software provider to have their app 'whitelisted' is absurd!

_________________
nexter - so, what's next?

Just a volunteer Moderator, not connected to or affiliated with Winstep Software Technologies, and not an official part of customer service though I do try to help when and where I can if my scarce time permits

