nicolasf
Posts: 15
Joined: Mon Mar 02, 2015 4:17 pm

EXE installers detected as containing virus

Thu Nov 09, 2017 9:36 pm

OS: Windows 7 Professional with Service Pack 1 (x64)

Steps to reproduce it:
1. Open Advanced Installer 13.8.1.
2. Create a Professional project (under Generic Templates).
3. Go to Resources -> Files and Folders.
4. Add "C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg" under Application Folder.
5. Go to Package Definition -> Builds.
6. Change Package Type from "Single MSI (resources inside)" to "Single EXE setup (resources inside).".
7. Change Archive from "Archive installation files into CAB files" to "Archive installation files using LZMA compression".
8. Save the project with a name of "Your Application.aip".
9. Build.
10. Go to https://www.virustotal.com.
11. Click "Upload and scan file" and select the installer built on 9).
12. Notice that "4 engines detected this file".
13. Repeat the same steps but create an Enterprise project instead.
14. Notice that "4 engines detected this file".

This is concerning our customers.

Let us know if any other information is required.

Thanks,
Nicolás.
Attachments
4 engines detected this file.png
4 engines detected this file.png (89.76KiB)Viewed 9188 times

nicolasf
Posts: 15
Joined: Mon Mar 02, 2015 4:17 pm

Re: EXE installers detected as containing virus

Thu Nov 09, 2017 9:48 pm

The result for installers built with Advanced Installer 14.4.1 is "2 engines detected this file".
Attachments
2 engines detected this file.png
2 engines detected this file.png (88.61KiB)Viewed 9185 times

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: EXE installers detected as containing virus

Fri Nov 10, 2017 11:59 am

Hello Nicolás,

I've tested the scenario and replicated the detection when using Advanced Installer 13.8.1. Thank you for bringing this to our attention. We will try to submit the false positive detections to the related antivirus vendors as soon as possible. However, to get the best results in what concern your built setup package I really want to encourage you to submit your own setup packages to be whitelisted by the related antivirus vendors.

In what regards the detections you encountered using our latest version of AI (14.4.1), can you please test this once more? Because I was not able to replicate the detection using our latest version of AI. If you still replicates the detections maybe you can attach a small buildable sample we can use on our side too.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

nicolasf
Posts: 15
Joined: Mon Mar 02, 2015 4:17 pm

Re: EXE installers detected as containing virus

Fri Nov 10, 2017 1:43 pm

Hi Daniel,
I am now getting "One engine detected this file". The engine is Qihoo-360.

Please, find the installer at https://cloud.box.com/s/d2hj2npl6py5o1j ... e7zca3ju31.

Thanks for your help.

-Nicolás.
Attachments
One engine detected this file.png
One engine detected this file.png (81.25KiB)Viewed 9173 times
Your Application.aip
(18.45KiB)Downloaded 355 times

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: EXE installers detected as containing virus

Mon Nov 13, 2017 11:32 am

Hello Nicolás,

My latest scan test, of a setup package built with the same settings as the one your attached, shows the file is clean.

Let me know if you still encounter false detections.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Brightwell
Posts: 1
Joined: Fri Nov 03, 2017 12:09 pm

Re: EXE installers detected as containing virus

Tue Nov 14, 2017 4:13 pm

Danierl wrote:
Mon Nov 13, 2017 11:32 am
Hello Nicolás,

My latest scan test, of a setup package built with the same settings as the one your attached, shows the file is clean.

Let me know if you still encounter false detections.

All the best,
Daniel
I noticed the same thing. Hopefully they'll whitelist this sooner rather than later.
Last edited by Brightwell on Wed Nov 03, 2021 1:57 pm, edited 3 times in total.

Collins
Posts: 138
Joined: Wed Oct 12, 2016 2:57 pm

Re: EXE installers detected as containing virus

Tue Nov 14, 2017 8:32 pm

This just started today for me with Symantec:
Symantec.png
Symantec.png (6.25KiB)Viewed 9136 times

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: EXE installers detected as containing virus

Wed Nov 15, 2017 9:36 am

Hello,

Can you please send us the .aip (project file) to support at advancedinstaller dot com so we can investigate its settings? Also, do you get the detection at install time or during the build process of the setup project?

If you could replicate the behavior using a small sample this will be very useful for us.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Collins
Posts: 138
Joined: Wed Oct 12, 2016 2:57 pm

Re: EXE installers detected as containing virus

Wed Nov 15, 2017 12:56 pm

I will send the files to you. This happens at build time; I build on the build server and the exe is placed on a share. On another PC, I have the share open while the exe is being created and Symantec notices it, sees it as a virus and places it in quarantine.

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: EXE installers detected as containing virus

Thu Nov 16, 2017 4:18 pm

Hello Collins,

I've built your sent setup project but didn't replicate any Symantec detection for the built EXE setup package.

Can you please make sure you have the latest updates installed for the virus definition database of Symantec? Also, can you please upgrade to our latest version of AI (14.4.2) and see if the detection still replicates?

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Collins
Posts: 138
Joined: Wed Oct 12, 2016 2:57 pm

Re: EXE installers detected as containing virus

Thu Nov 16, 2017 7:35 pm

Thanks Daniel. I am on the latest 14.4.2 and updated the virus definitions to the latest. I am still seeing the same issue. I emailed you all the latest information for recreating it.

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: EXE installers detected as containing virus

Fri Nov 17, 2017 2:49 pm

Hello Collins,

I'm very sorry for this, but I still cannot replicate the detection. I've tried building the setup package on a local path and on a shared network location path but everytime the build succeeded.

The only difference I can see is that on my test machine I have currently installed a lower build number of Symantec (v14 build 1904) than the one you are using. However when checking for updates my Symantec client reports there are no updates.
properties.jpg
properties.jpg (122.63KiB)Viewed 9082 times
updates status.jpg
updates status.jpg (114.04KiB)Viewed 9082 times
Could you please try to contact the Symantec team and report the strange detection that occur on your side? They should be able to analyze better why the detection occurs and whitelist this.

Thank you for your understanding.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”