False positive virus detection

April 24th, 2018 - Tuesday

Written by Horatiu Prica


False positive virus detection is a common occurrence when installing software. Learn why false positives happen and how you might prevent them before deploying your application to your users.

Antivirus Vendors

Why Is My Setup Detected?

New detection algorithms or overly broad detection signatures are the main reasons why an antivirus might mistakenly mark your software as malicious. You have to check and make sure your installer is not flagged as a false positive before deploying to your customer base.

Most commonly, false positives appear due to a combination of how the files of your application interact with the installer stubs (setup.exe, file systems, etc.).

How Do I Prevent a False Positive?

Completely preventing a false positive is very difficult because of the large number of antivirus vendors, but there are multiple ways of reducing the chance as much as possible before deployment:

  1. Use VirusTotal, an online malware scanning service that also creates a whitelist of products from software vendors to reduce wrong detections by antivirus programs.
  2. If the problem persists, contact the antivirus company that wrongly detected your package and report the false positive.
  3. Start by submitting false positive reports to the big antivirus companies first. We noticed a trend among smaller antivirus providers: they sometimes automatically whitelist you if the big antivirus companies do it too.
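
The steps above can be turned into a pre-release gate. The following is an added example, not Advanced Installer's own code: it reads a report laid out like a VirusTotal API v3 file report, lists the engines that flag the installer, and orders the vendors to contact. The engine names, detection names and `PRIORITY_VENDORS` are constructed assumptions.

```python
import hashlib
import json

# Constructed sample shaped like a VirusTotal API v3 file report
# (GET /api/v3/files/<sha256>); engine names and verdicts are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "undetected", "result": null},
  "EngineB": {"category": "malicious", "result": "Trojan.Generic.Example"},
  "EngineC": {"category": "suspicious", "result": "Heur.Installer.Example"},
  "EngineD": {"category": "timeout", "result": null},
  "EngineE": {"category": "harmless", "result": null}
}}}}
""")

# Assumption: the vendors you treat as "big" and report to first (step 3).
PRIORITY_VENDORS = ["EngineC"]

def sha256_of(path, chunk=1 << 20):
    """Hash the installer; VirusTotal file reports are looked up by hash."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def flagged_engines(report):
    """Return {engine: detection name} for engines that flag the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {name: r.get("result") or r["category"]
            for name, r in results.items()
            if r.get("category") in ("malicious", "suspicious")}

def report_order(flagged, priority=PRIORITY_VENDORS):
    """Order vendors to contact: priority vendors first, the rest A-Z."""
    first = [v for v in priority if v in flagged]
    rest = sorted(v for v in flagged if v not in priority)
    return first + rest

def release_gate(report):
    """Return (ok, todo); ok is False when any engine flags the installer."""
    flagged = flagged_engines(report)
    todo = [(v, flagged[v]) for v in report_order(flagged)]
    return (not todo, todo)

if __name__ == "__main__":
    ok, todo = release_gate(SAMPLE_REPORT)
    for vendor, name in todo:
        print(f"report false positive to {vendor}: detected as {name}")
    raise SystemExit(0 if ok else 1)
```

In a build pipeline, the non-zero exit status blocks the release until the listed vendors have been contacted and the detections cleared.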

Before releasing a new version of Advanced Installer, we always follow these steps; if required, we contact specific antivirus vendors and report issues to try to help them improve their detection algorithms in the future. However, we sometimes still need to report a false positive detection, as their detection algorithms evolve constantly.