AlainTRZ
Posts: 1
Joined: Mon Sep 25, 2023 3:02 pm

Virus hit Contebrew

Hi,
Probably a false positive because VirusTotal does not see anything (except Rising that sees a "Trojan.Generic"), but I wanted to make sure no one has the same problem:

Windows Defender finding a "Win32/Contebrew.A!ml" virus in a setup file generated by AI 21.0.1

Thanks
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: Virus hit Contebrew

Hello and welcome to our forums,

Thank you very much for bringing this to our attention!

That is indeed a false-positive detection.

Nowadays, the antivirus heuristics are changing on a daily basis and they become more and more aggressive.

Is your setup digitally signed? As far as I'm aware, digitally signed packages should not be detected by the Defender.

For testing purposes, you can create a test certificate and install it in the "Trusted Root Certification Authority" - this should get rid of the detection.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
davidjhomer
Posts: 55
Joined: Wed Jun 08, 2016 3:58 pm

Re: Virus hit Contebrew

We are also experiencing this critical issue with the latest AdvancedInstaller 21.0.1.
  • Our installer is digitally signed with a third party code signing certificate
  • The issue is new in the latest release
  • Only one of our installers is affected
  • We are seeing the issue on 2 x Windows Server 2022 machines
  • The machines have had the latest Windows Updates and Windows Defender signature files applied
SOLUTION: Roll back to a previous version of AdvancedInstaller.

CENTREL Solutions Ltd
Server audit and documentation tools.
http://www.centrel-solutions.com
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: Virus hit Contebrew

Hello David,

First of all, I apologize for the inconvenience!

Regarding the issue, just a quick note would be the name of the setup being "setup.exe". As far as I know, it's not really ok to have such a name for your setup as it increases the chances of it being detected.

Now, what I would suggest is the following:

- whitelist locally the folder where the setup is built / whitelist the EXE

- submit the EXE for whitelisting on Microsoft website:

Submit a file for Malware Analysis

I know this can be annoying in some instances, but I'm afraid there isn't really a workaround to this - as we do the same + scanning each file individually.

Thank you for your understanding!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
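
Added example, not part of the original thread and not Advanced Installer's own tooling: a PowerShell triage of the points raised above (is the setup really signed, which Defender engine and signature versions flagged it, and what exactly was detected) before whitelisting a folder or submitting the file to Microsoft. The default `$SetupPath` and the build folder in the last comment are assumed placeholders.

```powershell
# Added example: triage a suspected Defender false positive on a built installer.
param(
    # Assumed placeholder path; point it at your own build output.
    [string]$SetupPath = 'C:\Build\Output\MyProductSetup.exe'
)

if (-not (Test-Path -LiteralPath $SetupPath)) {
    throw "Setup file not found: $SetupPath"
}

# 1. Authenticode check. 'Valid' means the signature verifies and the
#    certificate chains to a root this machine trusts.
$sig = Get-AuthenticodeSignature -LiteralPath $SetupPath
[pscustomobject]@{
    Status      = $sig.Status
    Signer      = $sig.SignerCertificate.Subject
    Thumbprint  = $sig.SignerCertificate.Thumbprint
    NotAfter    = $sig.SignerCertificate.NotAfter
    Timestamped = [bool]$sig.TimeStamperCertificate
} | Format-List

# 2. SHA-256 of the exact file, to quote in the vendor submission and to
#    compare across machines and across installer versions.
$hash = (Get-FileHash -LiteralPath $SetupPath -Algorithm SHA256).Hash
"SHA256: $hash"

# 3. Defender platform, engine and signature versions that made the verdict.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated |
    Format-List

# 4. On-demand scan of this one file. Defender's default remediation applies,
#    so keep a copy of the setup elsewhere if you still need it afterwards.
Start-MpScan -ScanType CustomScan -ScanPath $SetupPath

# 5. Detections that reference this file, with the threat name resolved.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($SetupPath) } |
    ForEach-Object {
        [pscustomobject]@{
            Detected = $_.InitialDetectionTime
            Threat   = (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
            Resource = $_.Resources -join '; '
        }
    } | Format-List

# 6. Exclusions already configured (reading them may require elevation).
(Get-MpPreference).ExclusionPath
# To whitelist only the build output folder (elevated prompt, assumed path):
# Add-MpPreference -ExclusionPath 'C:\Build\Output'
```

Keeping any exclusion scoped to the build output folder, rather than a whole drive or the user profile, limits what Defender stops inspecting on the build machine.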
