Installer detected as W32/Agent.GMZ.gen!Eldorado virus

[Diegam]

The installer of my app is being detected as a virus by Bitdefender and Google according to Virus Total. I have tried using "none" as the compression algorithm but the problem continues. I uploaded my compressed project without the installer to Virus Total and it does not detect any viruses, so I assume that the problem is with the installer.

My application installs some files to AppData. I don't know if it's related, but it's worth mentioning

Does anyone know what could be causing this issue?

[Eivind Bakkestuen]

The problem is with the *Anti Virus Programs* (well, assuming you don't actually have viruses on your machine). Supply your program to the companies with positive detection for whitelisting.

--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/70591266-255c-45d7-9aa4-9456a5c6c96bn%40googlegroups.com.

[Gavin Lambert]

On 26/06/2023 06:17, Diegam wrote:
> The installer of my app is being detected as a virus by Bitdefender and
> Google according to Virus Total. I have tried using "none" as the
> compression algorithm but the problem continues. I uploaded my
> compressed project without the installer to Virus Total and it does not
> detect any viruses, so I assume that the problem is with the installer.

As Eivind already noted, this is due to the AV vendors being
insufficiently careful when creating virus signatures, and capturing
part of the install/uninstall engine of Inno that's common to all apps
using Inno (including the malware). There isn't really any solution to
this other than reporting it as a false positive to the offending vendors.

> My application installs some files to AppData. I don't know if it's
> related, but it's worth mentioning

Separately: you should not rely on installing anything to {user*} paths
if you have a normal PrivilegesRequired=admin installation.

To put that a different way: your application is *required* (by
Microsoft) to still operate correctly if there is nothing at all
installed at installation time in the {user*} paths.

As such, any such "installation" should actually be performed by your
app (not the installer) when it starts up and finds the files are
missing, either from internal defaults or from read-only templates
installed to {app} or {common*} paths.

It's easy to test this: simply install your app using one user account
and then try to run it from a different user account without re-running
the installer.

[Diegam]

Thank you Elvind and Gavin for your answers.

Using the compression method as zip has worked for me, and now only Google detects it as a virus, but not Microsoft's, which is enough for me for now.

--
You received this message because you are subscribed to a topic in the Google Groups "innosetup" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/innosetup/32QD2oDkJUU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/06c7daa3-1b33-f55d-496b-dc6358da4e91%40mirality.co.nz.