INNO refuses to compile psftp.exe even though its not a virus
866 views
Skip to first unread message
Leslie Desser
Sep 17, 2022, 2:10:30 PM9/17/22
to innosetup
I am including psftp.exe (from WinSCP/Putty) in a list of programs to create an install exe.
This has worked fine previously but suddenly a day or two ago INNO refuses to compile with error "... the file contains a virus or potentially unwanted software".
At the same time a Windows security notification pops up: "Threats found ... Get details".
Clicking on the notification shows " Current threats: No current threats."
This has worked fine previously but suddenly a day or two ago INNO refuses to compile with error "... the file contains a virus or potentially unwanted software".
At the same time a Windows security notification pops up: "Threats found ... Get details".
Clicking on the notification shows " Current threats: No current threats."
Checking the psftp.exe file with Defender returns a 'no threat found'
I am assuming that this is really a Defender issue - has it or has it not found a threat? There was no issue a few days ago, so it must somehow be related to a recent defender update.
I have done a full windows update and restarted the PC - same result. And its not PC specific as I have tried this on a different PC and it has the same issue.
I have installed the latest psftp update but that behaves the same.
I can temporarily deal with it by turning off Defender and then doing the compile in INNO.
Has anyone else come across this or have any ideas on the subject.
I am assuming that this is really a Defender issue - has it or has it not found a threat? There was no issue a few days ago, so it must somehow be related to a recent defender update.
I have done a full windows update and restarted the PC - same result. And its not PC specific as I have tried this on a different PC and it has the same issue.
I have installed the latest psftp update but that behaves the same.
I can temporarily deal with it by turning off Defender and then doing the compile in INNO.
Has anyone else come across this or have any ideas on the subject.
Eivind Bakkestuen
Sep 20, 2022, 7:42:45 AM9/20/22
to inno...@googlegroups.com
The only thing that works is to report the false positive to the antivirus vendor.
--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/a5200338-1e87-44fc-912e-aabcbc6cf9ffn%40googlegroups.com.
Walter Dexter
Oct 25, 2022, 6:19:10 PM10/25/22
to innosetup
What version of Inno Setup are you using?
I had a similar problem with a command line .Net 6.0 tool I'm packaging (along with about a dozen DLLs because dependencies) getting my installer whacked by Defender because of "Trojan:Script/Phonzy.A!ml".
This was with latest Inno Setup, 6.2.1. I knocked back to 6.2.0 and it's fine.
Bill Stewart
Oct 27, 2022, 5:19:40 PM10/27/22
to innosetup
These are not Inno Setup problems per-se. Report the false-positives to your anti-malware vendors.
Alan Damper
Nov 28, 2022, 6:31:20 AM11/28/22
to innosetup
If I compile an installer for my software using 6.2.1 and then try to install on Windows 11 MS Defender will report a virus without fail.
I deleted 6.2.1 and installed 6.2.0 and the resulting installer runs fine on Win 11.
In fact the installer created by all of the 6.x versions works fine, but 6.2.1 fails. So it IS to do with Inno Setup and something in the created binary matches a trojan that Defender sees as a false positive.
6.2.2 when ic comes out may not have that byte sequence and will not have the issue.
I deleted 6.2.1 and installed 6.2.0 and the resulting installer runs fine on Win 11.
In fact the installer created by all of the 6.x versions works fine, but 6.2.1 fails. So it IS to do with Inno Setup and something in the created binary matches a trojan that Defender sees as a false positive.
6.2.2 when ic comes out may not have that byte sequence and will not have the issue.
Gavin Lambert
Nov 28, 2022, 4:42:54 PM11/28/22
to inno...@googlegroups.com
On 29/11/2022 00:31, Alan Damper wrote:
> If I compile an installer for my software using 6.2.1 and then try to
> install on Windows 11 MS Defender will report a virus without fail.
>
> I deleted 6.2.1 and installed 6.2.0 and the resulting installer runs
> fine on Win 11.
>
> In fact the installer created by all of the 6.x versions works fine, but
> 6.2.1 fails. So it IS to do with Inno Setup and something in the created
> binary matches a trojan that Defender sees as a false positive.
>
> 6.2.2 when ic comes out may not have that byte sequence and will not
> have the issue.
As already noted in this thread and in the FAQ, this happens to all
> If I compile an installer for my software using 6.2.1 and then try to
> install on Windows 11 MS Defender will report a virus without fail.
>
> I deleted 6.2.1 and installed 6.2.0 and the resulting installer runs
> fine on Win 11.
>
> In fact the installer created by all of the 6.x versions works fine, but
> 6.2.1 fails. So it IS to do with Inno Setup and something in the created
> binary matches a trojan that Defender sees as a false positive.
>
> 6.2.2 when ic comes out may not have that byte sequence and will not
> have the issue.
versions at some point, because being a free installer, malware authors
will use it to package their malware, and the wrong bytes of the
installer get flagged as part of the signature. Reporting false
positives to the antivirus vendors is the only solution. (This is also
why it tends to affect newer versions more than older ones, because the
false positives haven't been reported yet.)
Rob Nicholson
Nov 29, 2022, 4:03:29 AM11/29/22
to innosetup
I'm still using 6.2.0 for this very reason.
Sylvain Ard
Nov 29, 2022, 5:37:20 AM11/29/22
to inno...@googlegroups.com
Hello,
Appt 26 Bât A Résidence Le Patio
83 rue de la Bugellerie
86000 Poitiers
how to download version 6.2.0 please ?
thank you
best regards
Sylvain Ard
0549507724
0778380991
Entreprise individuelle SIRET : 800792434000220549507724
0778380991
--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/e5275131-2dfd-4b85-b08d-69b7140b28d2n%40googlegroups.com.
Sylvain Ard
Nov 29, 2022, 5:49:24 AM11/29/22
to inno...@googlegroups.com
and it does on all installers or only certains ? it does only on Windows 11 ?
Sylvain Ard
0549507724
0778380991
Entreprise individuelle SIRET : 800792434000220549507724
0778380991
Leslie Desser
Nov 29, 2022, 6:00:24 AM11/29/22
to innosetup
Sylvain Ard
Nov 29, 2022, 6:55:03 AM11/29/22
to inno...@googlegroups.com
thank you ! I was asking if the problem arose on all setups or only some and if the problem arose only on Windows 11
Sylvain Ard
0549507724
0778380991
Entreprise individuelle SIRET : 800792434000220549507724
0778380991
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/4ba7dd23-7afe-4bb5-9ae5-a2281d4e1a87n%40googlegroups.com.
Leslie Desser
Nov 29, 2022, 7:17:44 AM11/29/22
to innosetup
My problem was on W10.
Sylvain Ard
Nov 29, 2022, 7:19:49 AM11/29/22
to inno...@googlegroups.com
OK
Sylvain Ard
0549507724
0778380991
Entreprise individuelle SIRET : 800792434000220549507724
0778380991
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/fd6c87e7-9ac5-4284-b5fa-48c435193eb8n%40googlegroups.com.
Rob Nicholson
Nov 29, 2022, 11:33:30 AM11/29/22
to innosetup
Occurs on all setups using Windows Defender so yes, Windows 10 and 11.
Bill Stewart
Nov 29, 2022, 5:50:33 PM11/29/22
to innosetup
On Tuesday, November 29, 2022 at 9:33:30 AM UTC-7 nichol...@gmail.com wrote:
Occurs on all setups using Windows Defender so yes, Windows 10 and 11.
Right at the top of the forum, please see the notice, in red text:
If you can't see the picture, it says this:
"Please do not post messages about your antivirus program here but contact its vendor instead."
In other words you need to report your installer to Microsoft as a false-positive.
Posting about it here does no good as we do not manage the Windows Defender antivirus engine.
Leslie Desser
Nov 30, 2022, 12:29:26 AM11/30/22
to innosetup
If you read my initial post, my issue was not that the resultant installer file created by INNO was detected as a virus but that INNO while building the install file was giving an error for file psftp.exe "... the file contains a virus or potentially unwanted software".
And indeed Defender also threw up a message. BUT if I check
psftp.exe with Defender it does not report any problem.
So its neither an INNO created installer file that is giving a false positive, nor the file that is being included is giving any error when checked individually, its the PROCESS of INNO doing its bit that is triggering Defender.
Its something that INNO is doing while compiling that triggers the error.
The file psftp.exe is part of the WinSCP/Putty pack and what is happening for me should be repeatable.
So my understanding of this all is that its not a simple false positive of an install file that is causing my problem.
Rob Nicholson
Nov 30, 2022, 1:50:43 AM11/30/22
to innosetup
>If you read my initial post, my issue was not that the resultant installer file created by INNO was detected as a virus but that INNO while building the install file was giving an error for file psftp.exe "... the file contains a virus or potentially unwanted software".
Windows Defender is catching the virus when INNO writes the installer file. That's how real-time detection normally catches viruses - when the "bad" EXE is written to disk. Torrents are often a hotbed of virus infected installers and it's during the download that virus scanners catch them.
Bill Stewart
Nov 30, 2022, 12:08:44 PM11/30/22
to innosetup
On Tuesday, November 29, 2022 at 10:29:26 PM UTC-7 Leslie Desser wrote:
If you read my initial post, my issue was not that the resultant installer file created by INNO was detected as a virus but that INNO while building the install file was giving an error for file psftp.exe "... the file contains a virus or potentially unwanted software".And indeed Defender also threw up a message. BUT if I check psftp.exe with Defender it does not report any problem.So its neither an INNO created installer file that is giving a false positive, nor the file that is being included is giving any error when checked individually, its the PROCESS of INNO doing its bit that is triggering Defender.Its something that INNO is doing while compiling that triggers the error.The file psftp.exe is part of the WinSCP/Putty pack and what is happening for me should be repeatable.So my understanding of this all is that its not a simple false positive of an install file that is causing my problem.
Unless IS is changing the file hash (it isn't), then yes it is a false positive. My guess is that you have exempted one or more files or folders from scanning which is why you only see it sometimes. But this is just a guess. You can test this yourself by disabling the antimalware tool and then compiling your setup executable again. It would be unsurprising if it completes successfully in this case.
Reply all
Reply to author
Forward
0 new messages