maxeineder
Posts: 1
Joined: Mon Oct 04, 2021 12:42 pm

Windows Defender detects virus when executing a setup built with AI

Mon Oct 04, 2021 12:55 pm

Hello,

We have been building our installer with AI for several years. Since last Friday, Windows Defender detects a virus when the installer is executed, see screenshot. It is Uwamson.A!ml in two ps1 script files. We checked our installer project, but we don't include any PowerShell scripts, so they seem to be generated by AI. We use AI 18.6.1.

Is this a known issue?


Thanks

Max
Attachments
04-10-_2021_13-45-35.png

Liviu
Posts: 1035
Joined: Tue Jul 13, 2021 11:29 am

Re: Windows Defender detects virus when executing a setup built with AI

Mon Oct 04, 2021 1:14 pm

Hello Max,

This is quite strange. I'm not really sure why this happens.

Can you please send us the .AIP (setup project) file by email to support at advancedinstaller dot com so we can further test and investigate this?

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team

SimLoe
Posts: 66
Joined: Thu Mar 12, 2020 11:37 am

Re: Windows Defender detects virus when executing a setup built with AI

Mon Oct 18, 2021 11:37 am

A similar behavior was reported today by one of our customers. When he is running our setup, the following warning occurs:
Virusmeldung.png
Can you please have a look at it?

Catalin
Posts: 6542
Joined: Wed Jun 13, 2018 7:49 am

Re: Windows Defender detects virus when executing a setup built with AI

Mon Oct 18, 2021 11:47 am

Hello Simon,

This issue was due to a false-positive detection of our PowerShell scripts.

We have submitted this for whitelisting to Windows Defender and they whitelisted it.

Here would be their reply:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"
Could you please let your user know about updating the malware definitions on his machine and then let us know if everything works as expected?

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
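
The steps from the reply above as an added PowerShell example (not part of the original post and not Advanced Installer's or Microsoft's own script): it clears the cached detection, updates the definitions, confirms the signature version changed, and rescans the installer in detect-only mode. The default `$InstallerPath` is a placeholder; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder path (assumption): point this at the setup that was flagged.
    [string]$InstallerPath = 'C:\Temp\setup.exe'
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

# Record the signature version so the update can be verified afterwards.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion

# Step 2 of the reply: remove the dynamically downloaded signatures,
# which is where a cached detection can persist.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed (exit code $LASTEXITCODE)" }

# Step 3 of the reply: fetch the latest definitions.
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed (exit code $LASTEXITCODE)" }

$status = Get-MpComputerStatus
"Signature version: $before -> $($status.AntivirusSignatureVersion)"
"Last updated:      $($status.AntivirusSignatureLastUpdated)"

# Custom scan (ScanType 3) of the installer only. -DisableRemediation reports
# detections without quarantining the file or changing anything on disk.
if (Test-Path $InstallerPath) {
    & $mpCmdRun -Scan -ScanType 3 -File $InstallerPath -DisableRemediation
    switch ($LASTEXITCODE) {
        0       { "No threat reported for $InstallerPath" }
        2       { "Still flagged: $InstallerPath" }
        default { "Scan ended with exit code $LASTEXITCODE" }
    }
} else {
    "Installer not found at $InstallerPath, skipping rescan"
}

# The detection in this thread was raised on two .ps1 files at execution time,
# so a clean scan of the setup file alone does not prove the issue is gone:
# run the installer again and check for new entries.
Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources
```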

SimLoe
Posts: 66
Joined: Thu Mar 12, 2020 11:37 am

Re: Windows Defender detects virus when executing a setup built with AI

Mon Oct 18, 2021 12:29 pm

Hello Catalin,

Our user is using McAfee VirusScan Enterprise - maybe you should tell them as well to whitelist this behavior. I will ask him whether he is using the latest definitions.

Catalin
Posts: 6542
Joined: Wed Jun 13, 2018 7:49 am

Re: Windows Defender detects virus when executing a setup built with AI

Mon Oct 18, 2021 12:54 pm

Hello Simon,

We already did that.

However, unfortunately, we have not yet gotten any answer from them.

I will update this thread when we do.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team