Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Updater.exe being blocked by Bitdefender

Fri Apr 20, 2018 4:22 pm

Hello guys,

I originally posted this issue here, but I don't think this is appropriate given that VirusTotal reports don't seem too relevant in this case.

The basic issue is that beta testers have been reporting that Bitdefender is consistently blocking the updater tool. Today I downloaded a copy of Bitdefender and did some further tests to try and find a reason for this behaviour. However, I find that even if I create a very simple *.msi installer with the updater included (I actually used the 'story' example from your documentation in Advanced Installer v14.8 Enterprise) the problem still exists. This seems to rule out any components or properties of the installer package I'm developing.

What I've found is that if the update configuration file tells the updater the product is already up-to-date, Bitdefender doesn't interfere with the updater. However, if the updater finds it can apply an update, it is blocked immediately by Bitdefender.

If you can attempt to reproduce and address this matter I'd be very grateful. For what it's worth, the update server URL when checked on VirusTotal doesn't raise any flags. As you'd expect, neither does the 'story' installer, the update installer or the updater itself.

Thanks,
Nick

Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: Updater.exe being blocked by Bitdefender

Tue Apr 24, 2018 1:28 pm

Guys,

I submitted the updater.exe tool to Bitdefender as a false positive last week, but still no change to the behaviour described above.

Please can you let me know if you've raised this issue with the Bitdefender team? As things stand, this issue will represent a significant business risk for us when it comes to deploying our first update. Bitdefender seems to be a very popular AV engine so potentially thousands of customers could be affected.

If you require any further info, please let me know.

Thanks,
Nick

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Updater.exe being blocked by Bitdefender

Tue Apr 24, 2018 4:17 pm

Hello Nick,

We have started investigating this too and will get back to you as soon as we have a conclusion.

Thank you for your further patience on this.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: Updater.exe being blocked by Bitdefender

Wed Apr 25, 2018 11:52 am

Thanks Daniel,

Keen to hear how you get on. To provide a bit more context, I'm launching the updater via a custom action in the ExitDialog Finish Button. What's really troublesome about the Bitdefender behaviour is that it'll quarantine various parts of the installation, not always in an entirely predictable and consistent way.

Even worse, our installer needs to launch a pre-existing executable via a command-line argument, so then this gets quarantined too, along with other stuff related to that software.

I'm wondering if there's a 'safer' way to launch the updater? My contingency plan is to detect Bitdefender's process and not launch the update during installation if Bitdefender is running, but clearly such 'per-AV engine' workarounds are not desirable. I'm also not sure if trying to detect the Bitdefender process is sufficiently passive that it won't cause Bitdefender to detect a new threat.

Best regards,
Nick

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Updater.exe being blocked by Bitdefender

Wed Apr 25, 2018 1:47 pm

Hello Nick,

We have tested the scenario, but so far I'm afraid we cannot replicate the false detection at all. Could you please try to submit the whole setup package you have built to BitDefender and ask them to check exactly which resources from your setup are triggering the detection?

I strongly recommend that you also submit your built setup package to BitDefender so they whitelist it. This is a best practice and this way you will avoid such unpleasant detections. Nowadays antivirus heuristics are changing on a daily basis and becoming more and more aggressive. The best solution to avoid such false detections is to whitelist all of your built setup packages.

Also, if you could share with us a small sample built with Advanced Installer and a test case to use so we can replicate the behavior, this will be useful too.

All the best,
Daniel
Daniel Radu - Advanced Installer Team

Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: Updater.exe being blocked by Bitdefender

Wed Apr 25, 2018 3:00 pm

Hello Daniel,

Thanks for getting back to me. If you're unable to replicate the behaviour with an update package located on your own server, that would seem to indicate it's the update package URL which is a problem for Bitdefender, not the updater. However, it checks out fine with VirusTotal.

As mentioned above, this behaviour is even occurring with a simple *.msi installer built as a test case. This seems to rule out the content of the installer itself. Please can you try installing this test case 'Story.msi' available here, running its updater, and confirm how Bitdefender responds? Also, please can you let me know which Bitdefender product(s) you have tested against?

Here's a folder address containing the resources associated with this test. https://www.dropbox.com/sh/4yyjrc8uzvvo ... HRswa?dl=0.

Thanks,
Nick

Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: Updater.exe being blocked by Bitdefender

Wed Apr 25, 2018 5:40 pm

Hello guys,

Right - I think I've finally figured out what's going on here. It's not the URL or the content of the installer or update which is causing Bitdefender to freak out and quarantine the updater tool and various other bits. Instead, it's the fact that in my installations, the updater.exe wasn't being run from within a protected OS directory such as C:\Program Files (x86). Instead the updater was placed with the rest of the installation package, wherever the user chooses. Typically this would be on an external drive.

Hopefully I can address the issue by enforcing installation of the updater and *.ini file to something like "C:\Program Files (x86)\Company Name\Product", irrespective of where the user chooses to install.

If you can confirm this behaviour at your end, it will be appreciated.

Thanks,
Nick

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Updater.exe being blocked by Bitdefender

Thu Apr 26, 2018 3:47 pm

Hello Nick,

Thank you for your further feedback.

Using the latest test case we were able to replicate the behavior using a sample project. We will contact the BitDefender team, but from my experience with antivirus vendors, when it comes to fixing such dynamic detection I'm not sure if they will be able to change their detection algorithms so that this runtime scenario is considered a safe one.

I still recommend that you upload your entire setup package to them so they whitelist it, and thus you will avoid such false positive detections. This is a best practice antivirus vendors recommend to us and encourage us to recommend to all our customers. Thank you once again for your understanding.

All the best,
Daniel
Daniel Radu - Advanced Installer Team

Nick
Posts: 13
Joined: Tue Oct 17, 2017 1:46 am

Re: Updater.exe being blocked by Bitdefender

Fri Apr 27, 2018 9:24 am

Thanks for confirming, Daniel,

In tests I've done so far, enforcing installation of the updater.exe to the program files directory seems to have avoided the Bitdefender false positives completely and it's a very simple change to our builds so it's one I'll go with.

Best regards,
Nick
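An added example, not part of the original thread and not Advanced Installer code: a build-time check that flags updater files whose planned install path falls outside the administrator-only Program Files roots, the condition Nick identified above. The protected roots, the `updater.ini` file name, and the sample layout are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for a build/CI check

# Assumed protected roots; on a real machine read them from the
# ProgramFiles and ProgramFiles(x86) environment variables.
PROTECTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)")

# Constructed sample of planned install paths (hypothetical layout).
SAMPLE_LAYOUT = [
    r"C:\Program Files (x86)\Company Name\Product\updater.exe",
    r"E:\Apps\Product\updater.exe",                      # user-chosen external drive
    r"c:/program files (x86)/Company Name/Product/updater.ini",
    r"C:\Program Files (x86) Copy\Product\updater.exe",  # look-alike prefix
    r"C:\Program Files (x86)\Company Name\..\..\Temp\updater.exe",
    r"E:\Apps\Product\app.exe",                          # not an updater file
]

def _canon(path):
    # normpath collapses ".." segments; normcase lowercases and unifies slashes.
    return ntpath.normcase(ntpath.normpath(path))

def is_under_protected_root(path, roots=PROTECTED_ROOTS):
    p = _canon(path)
    if not ntpath.isabs(p):
        return False
    # Match on a component boundary so "C:\Program Files (x86) Copy" is rejected.
    return any(p.startswith(_canon(r) + "\\") for r in roots)

def misplaced_update_files(layout, names=("updater.exe", "updater.ini")):
    """Return planned paths of updater files that land outside the protected roots."""
    return [
        path for path in layout
        if ntpath.basename(_canon(path)) in names
        and not is_under_protected_root(path)
    ]

if __name__ == "__main__":
    for path in misplaced_update_files(SAMPLE_LAYOUT):
        print("outside protected root:", path)
```
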

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Updater.exe being blocked by Bitdefender

Mon Apr 30, 2018 10:34 am

You are always welcome, Nick.

Thank you for your follow up on this too.

All the best,
Daniel
Daniel Radu - Advanced Installer Team