Kaspersky Anti-virus identifies Setup.exe and Update.exe as trojans #218
Comments
While this was originally a problem, these days as long as you sign your installer, most people aren't seeing the virus warnings. Can you send in Setup.exe and Update.exe to Kaspersky to whitelist them?
I'll submit them. Is the setup.exe that is distributed through the Visual Studio Package manager signed? If so, there might be value in submitting new versions to them when publishing. If I hadn't realized that my anti-virus was deleting the files (without even telling me), I would never have gotten the package installed on my project.
No, because the setup.exe we distribute there is a template that we'll edit (and therefore, break the signature)
I had the same issue with Bitdefender but I sent in Setup.exe and they added it to their database. Not sure if that is possible with Kaspersky as well
Symantec Endpoint Protection's generic trojan detector, Trojan.Gen.2, quarantined test\fixtures\Setup.exe. I submitted it on their false positive form.
Thanks @JVimes
Windows Defender quarantined the unsigned Update.exe as a Trojan (Trojan:Win32/Codinx.B!plock). I submitted it as not malware here: https://www.microsoft.com/security/portal/submission/SubmissionHistory.aspx?SubmissionId=a1235358-fbb7-4d39-83a8-942440050036&lc=1033
Even signing doesn't always seem to stop these AVs from killing your apps. From what I've seen, valid apps are taken out for all sorts of reasons, signed or not and using OS or commercial installer packages; it's just a constant battle, and unfortunately you have to visit every AV vendor to do the whitelisting, with no common procedure in place.
Thanks @jg123, people submitting to whitelists whenever bad stuff happens is a huge help
…irrel#611. Trailing slash comment from Squirrel#641.
Hi there, how much time passed between the time you guys submitted false positive reports and the antivirus warnings disappeared? I have the same problem and can't seem to make any progress. I followed the online guide listed in the FAQ document, which is this http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm, and submitted reports via both email and website but got no positive response from Kaspersky. Is there anybody who reached a positive result trying another channel of communication to resolve this? My angry users keep increasing and I'm open to suggestions.
There's nothing we can do about AV vendors hating us, closing this
The other option is to find what API calls look like a virus and refactor until they don't, if possible.
I mean, the thing that "looks like a virus" is the fact that we install software - the funny thing about Squirrel is, from a "what it actually does" perspective it really does look a lot like malware - it unpacks and installs code to your computer and executes it, and it downloads code from the Internet in the background and runs it. The difference of course being, that we do it with the user's consent, and malware doesn't :)
Ahh right ;) It's probably wishful thinking that we could avoid the malware fingerprint. Hoping proper signing is the key, here.
Signing makes a huge difference for distributing to your users, you'll most likely see this issue go away
What about signing the resulting binary? Using a template shouldn't make any difference…
Kaspersky's heuristic scan detects both Setup.exe and Update.exe as HEUR:Trojan.Win32.Generic.
Obviously it isn't liking some of the squirrel code. While I was happy to scan the files using a few different engines and none of them resulted in detections, typical end-users might not agree and end up not installing the software.
When I build from the source code, the resulting Setup.exe is detected as well.
It was also a pain to download and install Squirrel.windows through the Visual Studio Package Manager, since Kaspersky deleted Setup.exe every time it was downloaded. I eventually figured out what was going on and set it to prompt me before deleting the file, which made it possible to install it.
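An added illustration (not part of the thread and not Squirrel's code) of the point in the comments that the distributed Setup.exe is an unsigned template and that the resulting binary is what gets signed: this Python sketch checks whether a PE file carries an Authenticode certificate table at all, as a pre-release check on a built Setup.exe or Update.exe. It checks presence only, not validity (use `signtool verify` or `Get-AuthenticodeSignature` for that); the function names and the sample bytes are constructed for the example.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def certificate_table(data: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return None
    offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    return (offset, size) if offset and size else None


def signature_status(data: bytes) -> str:
    """Classify a binary as 'unsigned', 'truncated' or 'signature-present'."""
    entry = certificate_table(data)
    if entry is None:
        return "unsigned"
    offset, size = entry
    return "signature-present" if offset + size <= len(data) else "truncated"


def build_sample_pe(cert: bytes = b"") -> bytes:
    """Constructed PE32 header for the demo (headers only, not a real executable)."""
    image = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))
    image += b"PE\0\0" + b"\0" * 20                # PE signature + empty COFF header
    opt = bytearray(96 + 16 * 8)                   # PE32 optional header + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)          # magic: PE32
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    if cert:  # point the security directory at a placeholder blob after the headers
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x40 + 24 + len(opt), len(cert))
    return bytes(image + opt + cert)


if __name__ == "__main__":
    for name, blob in [("template", build_sample_pe()),
                       ("signed", build_sample_pe(b"\x01" * 16))]:
        print(name, signature_status(blob))
```

To check a real build, pass the file's bytes, for example `signature_status(open("Setup.exe", "rb").read())`.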