
WebPhone false alert


Update (2020, October 12): Due to the modifications we made and the false positive submissions for the affected virus scanners, our new WebPhoneService_Install.exe is detected as clean by 99% of the virus scanners according to VirusTotal. You can verify this here.

Custom builds are slightly different from the demo version. If your copy is reported by a virus scanner, you should submit a false positive report to the respective virus scanner vendor(s) to get it white-listed.

2020, October 9: Our webphone software might trigger a false positive in some virus scanners.

According to virustotal.com, some virus scanners (6 out of 70) incorrectly mark our software as dangerous. Screenshot here.
The virustotal hash is: 207279e125d3c40b0950cf6a068ce6a4dd399079ec8c91bbea44a93e171dea18.

The false positive is caused by our NS engine installer (WebPhoneService_Install.exe), which can be found in the webphone.zip under the "native" subfolder.

We hereby declare that the webphone and its WebPhoneService component have been created by us, that they work as specified by the software documentation, and that they don't contain any virus, malware or malicious code, nor do they leak any private data.

The webphone is a VoIP (SIP) client software sold to developers.
It is a commercial solution (our best-selling software for years) and only a demo is available for free download (with some demo restrictions, so users can try it before purchasing).
A detailed description of the webphone can be found here:
https://www.mizu-voip.com/Software/WebPhone.aspx

What the WebPhoneService engine is and what exactly it does:
The WebPhoneService is an optional component of the webphone, often referred to as the "NS engine", that might be used in some circumstances if the users don't have or don't wish to use WebRTC.
It has a single-file installer (WebPhoneService_Install.exe) and it runs as a Windows NT service, listening on a secure localhost websocket port (WSS) and providing VoIP capabilities for our webphone. It communicates with the requested SIP server using the standard SIP and RTP protocols to make and receive VoIP calls as configured by the webphone users.
The installer can be found in the native subfolder if you unpack the webphone.zip.

Here is the download link to our webphone (the whole package, containing also the "suspicious" WebPhoneService_Install.exe):
https://www.mizu-voip.com/Portals/0/Files/webphone_demo.zip

Here is the direct download link for the WebPhoneService_Install.exe (extracted from the webphone package):
https://www.mizu-voip.com/Portals/0/Files/WebPhoneService_Install.exe

There are no malicious bits in our software, we don't collect any user data, and the software works as expected according to its specification. All our software is signed with a certificate named "WebVoIPPhone".
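One way to check the signing claim above on a downloaded copy, as an added example that is not vendor code: it validates the Authenticode signature, compares the signer name with "WebVoIPPhone", and reports the SHA-256 for lookup. The function name `Test-InstallerSignature` and its parameters are hypothetical, and it assumes the "certificate name" corresponds to the signer certificate's subject simple name.

```powershell
# Added example (not vendor code): verify publisher signature and hash of an installer.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Signer name stated on this page. Assumption: it is the subject simple name (CN).
        [string] $ExpectedSigner = 'WebVoIPPhone',
        # Optional SHA-256 obtained from a channel you trust (custom builds have their own hash).
        [string] $ExpectedSha256
    )

    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Unsigned files have no signer certificate; handle that instead of throwing.
    $signerName = $null
    if ($sig.SignerCertificate) {
        $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signerName = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $signatureValid = ($sig.Status -eq 'Valid')   # chain trusted and file not modified after signing
    $signerMatches  = ($null -ne $signerName) -and ($signerName -eq $ExpectedSigner)
    $hashMatches    = $null                       # stays $null when no expected hash was supplied
    if ($ExpectedSha256) {
        $hashMatches = ($sha256 -eq $ExpectedSha256.Trim().ToLowerInvariant())
    }

    [pscustomobject]@{
        Path            = $file.FullName
        Sha256          = $sha256
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        SignerName      = $signerName
        Timestamped     = [bool]$sig.TimeStamperCertificate
        SignerMatches   = $signerMatches
        HashMatches     = $hashMatches
        # Passes only if the signature is valid, the signer is the expected one,
        # and (when a hash was supplied) the hash matches.
        Passed          = $signatureValid -and $signerMatches -and ($hashMatches -ne $false)
    }
}

# Usage: Test-InstallerSignature -Path .\WebPhoneService_Install.exe | Format-List
```

A `Passed` result shows the file is unmodified since it was signed by that publisher; a status of `NotSigned` or `HashMismatch`, or a different signer name, means the copy is not what the signer published and should not be white-listed.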

Trying to guess what is triggering the false alert:
The software does a lot of things and we suspect that one of the following is wrongly detected as "suspicious activity":
•    It tries to download and deploy a JVM (Java Virtual Machine) if a JVM is not already installed on the PC (this is required because internally the NS engine uses our Java-based JVoIP software as the SIP stack)
•    Executes taskkill.exe (this is used to kill the service's own processes to make sure that all resources are released before (re)install)
•    Modifies registry settings (for example to register itself as a SIP URI handler)
•    Uses the audio recording devices (apparently, this is a must for VoIP calls)
•    Might auto-download a TLS certificate issued by Let's Encrypt to be used for WSS (secure websocket)


We also provide customized/branded builds for our customers. These are exactly like the original, with the following changes:
•    The software file is renamed after our client's brand or company name
•    All references to us and to our website are removed or replaced with the customer's company name and website address
•    Usage is restricted to the customer's SIP servers (we ask our customers for the addresses of their SIP servers and "hardcode" these addresses into our software to disallow usage with other servers)

We have contacted all the affected virus scanners today and submitted our software as false positive to be white-listed.
Hopefully the problem will be resolved within a few days.
Thank you for your understanding and your continued support.