Zsolt Kollarits
Posts: 342
Joined: Fri May 29, 2015 10:36 am

Advanced Updater service is identified as a virus

Dear Advanced Installer Support Team,

Many of our customers decided to remove the Advanced Updater service we install on their computers due to security reasons. Some antivirus programs identified that updater service as a virus. Do you have any idea why this could happen with our customers? Security comes first for them, so in the future they won't be able to trigger silent updates due to the missing updater service.

Please advise us something!

Best regards,
Zsolt
R.Mueller
Posts: 202
Joined: Thu Aug 02, 2012 3:31 pm

Re: Advanced Updater service is identified as a virus

Hi,

Here is a sample of the updater.exe scanned with VirusTotal; this was AI 14.5.1:
2018-09-07 10_55_46-VirusTotal.png
With 15.1 it looks like this:
2018-09-07 10_58_39-VirusTotal.png
Can you give a statement on why this happens?

Regards,

Roland
R.Mueller
Posts: 202
Joined: Thu Aug 02, 2012 3:31 pm

Re: Advanced Updater service is identified as a virus

10_55_46-VirusTotal.jpg
R.Mueller
Posts: 202
Joined: Thu Aug 02, 2012 3:31 pm

Re: Advanced Updater service is identified as a virus

Hi,

Something is wrong with the forum software. I can't add screenshots properly...

Please fix this.

Regards,

Roland
R.Mueller
Posts: 202
Joined: Thu Aug 02, 2012 3:31 pm

Re: Advanced Updater service is identified as a virus

We are getting the following anti-virus scanners reporting updater.exe as a false positive finding:

AI 14.5.1:
Bkav: W32.MaganiatiNG.Trojan

NANO-Antivirus: Trojan.Win32.Miner.exafof

VBA32: Downloader.Agent

Yandex: PUA.Downloader!

Zillya: Downloader.Agent.Win32.348123

AI 15.1:
VBA32: Adware.OnlineGuard or Trojan.BtcMine

This looks like we are mining bitcoins on the computers of our customers.

Please respond!

Regards,

Roland
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm

Re: Advanced Updater service is identified as a virus

Hello Roland and Zsolt,

Indeed at the current time it seems the Updater tool delivered with AI 15.1 is falsely detected by 2 AV products: Rising and VBA32, while the Updater tool delivered with AI 14.5.1 is falsely detected by 4 AV products: NANO-Antivirus, VBA32, Zillya and Yandex. We will try to contact those AV vendors and report these false positives.

However, as the antivirus product heuristics change from one day to another and the false detections occur very often, it is really difficult for us to continuously keep all our application files whitelisted, even if we try to do our best. So, to avoid such unpleasant situations, we always recommend that our customers submit their setup package (before each release) to the AV vendors for whitelisting.

Submitting your setup package for whitelisting before each release (even though this can be time-consuming) is the best way to avoid such false detections. There is nothing more we can do on our side other than our usual routine of scanning our application files and submitting false positives.

Thank you for your understanding.

All the best,
Daniel
Daniel Radu - Advanced Installer Team