Protection
Posts: 8
Joined: Thu Aug 03, 2017 8:53 am

VirusTotal.com reports backdoors

Hi AI team,

Yesterday we installed our product created by AI in a customer environment. Their antivirus blocked downloading our package because it contains backdoors.
We scanned our package on www.virustotal.com and we got this result.

We also scanned the components in the package; they are OK.

This is a big problem for us because antivirus products like Avast and ESET block our installation.

Do you have any idea how to solve this?

I can also give you a link to download our product.
Attachments
Protection_Avast_Win32_Evo-gen.png (31.62 KiB)
1.png (31.3 KiB)
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello,

The best method to avoid this kind of false positive detection will be to contact the related antivirus vendors and report your false positive detection to be fixed or ask them to whitelist your setup package and its download URL.

If you find out that the detection is caused by the setup package itself rather than the resources you add into the setup package (e.g. your application files, the source file of your custom actions, etc) or the download URL of your setup, then please forward us your AIP (project file) to support at advancedinstaller dot com so we can investigate it.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
Protection
Posts: 8
Joined: Thu Aug 03, 2017 8:53 am

Re: VirusTotal.com reports backdoors

Hi Daniel,

Thank you for your answer.

The problem is in the .exe file. The single MSI package of our product is clear. We need the .exe file because we install prerequisites like SQL Server. I have created a test project of the .exe file with a few of our files. The result was the same (infected by malware). The source files are without malware infection. I will send you my test project with resource files to your support email address.

Our license is close to expiring, but we cannot afford to distribute software with malware to our customers. If this problem is not solved, we cannot extend our maintenance. Today we had another incident with the .exe file in a customer environment.

Best regards.
SODAT Team
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello,

Thank you for the test files you sent. I've tested and replicated the false detection indeed. However, after removing your application files from the "Files and Folders" page and rebuilding the EXE setup package, only 3 detections occur. See the attached screenshot.
image.jpg (125.52 KiB)
This means that the false detection is influenced by your application files too in what regards the rest of the AV vendors (BitDefender, F-Secure, GData, etc.) detecting your setup package. In this case we cannot submit false positive reports using your application files for the AV vendors detecting the setup package only when your app files are bundled inside the EXE setup. We are not allowed to do this by our company policies. The only way you could resolve this will be to contact the AV vendors and submit your setup package for whitelisting. Thank you for your understanding.

We will proceed with a false positive submission for our EXE bootstrapper resources for the above listed AV vendors though: ALYac, Jiangmin and EGambit. This is the most we can help you with. Thank you once again for your understanding.

Also, we'll try to upload for whitelisting all our Advanced Installer 14.2.1 application files for known AV vendors like Avast, AVG, McAfee and Symantec and hopefully this will be of some help to you.

As a side note, even if your maintenance plan has expired, you can download and run in trial mode our latest version of AI (14.3) and rebuild your setup and see if this helps you avoid such false detections. All our latest AI version files are whitelisted and no detection should be encountered due to AI resources.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
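
The comparison described in the reply above (scan the full EXE, rebuild it without the application files, scan again) can be turned into a per-engine triage. This is an added example, not part of the original thread or of Advanced Installer's tooling; the verdict maps are constructed sample data, and `triage`, `by_category` and the "ExampleAV" engine are hypothetical.

```python
# Added example: attribute each AV engine's detection either to the installer
# bootstrapper or to the bundled application files by comparing two scans.
# engine -> detection label, or None when the engine reported the file clean.
# An engine absent from a map returned no verdict for that scan.
# All verdicts and labels below are constructed, not real scan results.
FULL_BUILD = {  # EXE setup with the application files bundled
    "BitDefender": "Sample.Generic", "F-Secure": "Sample.Generic",
    "GData": "Sample.Generic", "ESET": "Sample.Variant",
    "Avast": "Sample.Heur", "ALYac": "Sample.Generic",
    "Jiangmin": "Sample.Packed", "EGambit": "Sample.Score",
    "ExampleAV": None,
}
STRIPPED_BUILD = {  # same project rebuilt with no application files
    "BitDefender": None, "F-Secure": None, "GData": None, "ESET": None,
    "ALYac": "Sample.Generic", "Jiangmin": "Sample.Packed",
    "EGambit": "Sample.Score", "ExampleAV": None,
    # "Avast" is missing on purpose: no verdict came back for this scan
}

_MISSING = object()


def triage(full, stripped):
    """Classify every engine seen in either scan."""
    result = {}
    for engine in sorted(set(full) | set(stripped)):
        f = full.get(engine, _MISSING)
        s = stripped.get(engine, _MISSING)
        if s is not _MISSING and s is not None:
            # Flagged with no app files inside: installer vendor's resources.
            result[engine] = "bootstrapper"
        elif f is _MISSING or (f is not None and s is _MISSING):
            # One side of the comparison is absent: rescan before reporting.
            result[engine] = "inconclusive"
        elif f is not None:
            # Flagged only when the app files are bundled: package owner
            # submits the setup to this AV vendor.
            result[engine] = "payload-dependent"
        else:
            result[engine] = "clean"
    return result


def by_category(result):
    """Group engine names by category, keeping alphabetical order."""
    groups = {}
    for engine, category in result.items():
        groups.setdefault(category, []).append(engine)
    return groups


if __name__ == "__main__":
    for category, engines in by_category(triage(FULL_BUILD, STRIPPED_BUILD)).items():
        print(f"{category}: {', '.join(engines)}")
```
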
wellmet
Posts: 2
Joined: Sun Jan 07, 2018 7:28 am

Re: VirusTotal.com reports backdoors

I am having the same issue. I tested it by creating an aip that was for a .NET app that created an exe. I didn't put anything in the .NET app (no dlls, exe's, etc.) and still got the message that I had a Razy virus in the exe and it was removed. Let me know if there is something you would like me to do to help you resolve this issue.

Thanks!

Stan
Attachments
Test.aip (18.13 KiB)
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello Stan,

Thank you for bringing this to our attention.

I replicated the issue too. I can assure you this is a false positive detection. We will contact the Bitdefender team and hopefully this false detection will be whitelisted soon.

Thank you once again for your heads up.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
sfaust
Posts: 48
Joined: Tue Oct 13, 2015 11:57 pm

Re: VirusTotal.com reports backdoors

I'm getting the same issue with BitDefender. I don't know if there has been a change in the .aiui files recently or if BitDefender changed their detection algorithms but it doesn't like those files now... I submitted my installer to support.
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello Steve,

We are aware of these issues and already reported a false positive ticket to the Bitdefender team. Unfortunately they have been quite unresponsive so far. We have been waiting for two weeks for an update.

From my experience with the antivirus vendors I know that this kind of detection is not so easy to get whitelisted. This is why we always recommend that our users try whitelisting their setup packages themselves when possible.

In your case (when the build operation is blocked) until Bitdefender fixes this false detection, I'm afraid you have no option other than temporarily disabling their antivirus software. Unfortunately there is nothing more we can do than to wait for a reply/fix from them.

Also, you can try to report this dynamic detection (at build time) yourself and see if you have more luck in getting a quicker resolution.

Thank you for your understanding.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello all,

The BitDefender team has just informed me that they removed the false positive detection of the Advanced Installer builds.

I've tested our application against their latest antivirus database definition and everything seems to be fine now. So, please try to update the BitDefender virus definition database and see if everything is fine now.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: VirusTotal.com reports backdoors

Hello,

I'm also getting reports from beta testers that Bitdefender is consistently blocking the updater.exe tool. I've even tested this by configuring the updater to run a very simple .msi installer which just installs a single text file and the issue persists.

I've just uploaded a copy of the updater.exe file installed by my project to VirusTotal with the following result...

Just wondered if you guys are able to reproduce this or offer any advice?

Thanks,
Nick

Edit: I've started a new topic on this issue here as further investigation shows VirusTotal reports are not relevant. It seems the hit above may be related to the code-signing certificate.
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: VirusTotal.com reports backdoors

Hello Nick,

I've replied to you in the newly opened topic.

All the best,
Daniel
Daniel Radu - Advanced Installer Team