Codename K
Posts: 471
Joined: Fri Jan 29, 2010 3:04 pm

Detected as a threat only by Windows Defender.

Thu Sep 01, 2022 4:42 pm

Hello,

When the installer is downloaded from the web, it is detected as a threat by Windows Defender, while other antivirus tools finds it clean. Windows Defender does not detect it as a threat on the developer machine. This seems to be the case for many downloaded installers. Is this issue something with Windows Defender?

The downloaded installers are unsigned. Can you check if this is the case for all types of installers created by Advanced Installer, or it is only limited for few types of installers?

:?:
K

Liviu
Posts: 1035
Joined: Tue Jul 13, 2021 11:29 am
Contact:  Website

Re: Detected as a threat only by Windows Defender.

Tue Sep 06, 2022 7:20 am

Hello K,

Sorry for the delayed reply on this.
Is this issue something with Windows Defender?
If it is an .EXE package, then most likely yes. For example on my machine with Windows 11 the Windows Defender does not like any unsigned .EXE package, it always deletes them. Also, soon Microsoft will release a new version for Windows 11 (22H2) which will have a new feature called Smart App Control (SAC). Basically, this new feature will block the execution of any unsigned file and is very aggressive. The SAC will check if the app has a valid signature. If there is a valid signature, SAC will let the app run. If not, the Smart App Control will block it. It is obvious that Microsoft is pushing for more digital signing, which also makes sense from a security point of view.

More details about SAC on our article here.

Can you please make sure that your Windows Defender database is up to date on that machine? And see if the issue is still reproduced with the latest updates.

This is a false positive. Nowadays the antivirus heuristics is changing on a daily basis and they become more and more aggressive.
If you still have problems after you update the virus database, a way to avoid this would be to whitelist your executable to Microsoft. To submit a false positive report you can use the below portal:

https://www.microsoft.com/en-us/wdsi/filesubmission/

I know this because we have done this in the past as well, when different vendors (including WIndows Defender) has marked one of our files as potentially dangerous.

For instance, here at Advanced Installer, before each release, our support team scans our product using VirusTotal and if anything raises, we submit a whitelist request to the respective vendor. Only after that, we publish the release on our website so our users can download it.

Hope this helps!

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Codename K
Posts: 471
Joined: Fri Jan 29, 2010 3:04 pm

Re: Detected as a threat only by Windows Defender.

Tue Sep 06, 2022 8:39 am

Hello,

Thank you for your detailed answer.
K

Liviu
Posts: 1035
Joined: Tue Jul 13, 2021 11:29 am
Contact:  Website

Re: Detected as a threat only by Windows Defender.

Tue Sep 06, 2022 1:39 pm

You're always welcome, K!

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”