We haven’t made any changes except updating the Couatl64_MSFS.EXE file which hasn’t been updated since a couple of months. We had to update it to fix a small issue which caused vehicles making a small stuttering while reversing their movement, but that’s not really the point: we should be able to update the software if we need.
And this is the main source of the problem, in order to advertise being able to catch threats “before they are discovered”, some antivirus use questionable heuristic behavioral patterns and in some cases even less reliable “reputation scores”. This last is particularly bad, because it would basically prevents updates, since everything new is at risk of being classified as dangerous “just” because it’s new, so it doesn’t have enough reputation score (it’s new…).
When dealing with false positives, the usual suggestion to prevent those, is to use Digital Signatures, namely the Authenticode signature from Microsoft (which we pay hundreds$/year just to keep it current and it has raised in price 3x in the last years) but on top of that, we have a 2nd Digital Signature called “Software Taggant”, which is an IEEE standard that antivirus vendors are supposed to use to help their software differentiate between real threats and false positives. We have both, of course.
The problem is, some antivirus vendors decided to trust their own heuristic more than these industry standards, and the result is you have an antivirus that catches more false positives than it should.
The only recurse we have, is to REPORT these to the antivirus vendors, but we can’t do it without help from users. If we don’t know which antivirus was at fault, we can’t report it.
Many routers (Asus, and others) use security software from Trend Micro and of course, as soon as we got a report from an affected user, we filed a reclassification complaint with Trend Micro and of course, a few hours after we reported it, Trend Micro reclassified the affected URL as Safe
This should cover a lot of routers but, again, if there are other routers around using different software or blocking different URLs, we can’t report if we don’t know about it.