Installer being detected as malware
1,509 views
Skip to first unread message
Louis
May 11, 2022, 5:15:22 PM5/11/22
to innosetup
Hello,
I have the problem that the installers I make are getting flagged as a virus by Windows Defender and Microsoft Edge and users can't download them anymore as Edge blocks them and Windows Defender instantly deletes them. This only happens with version 6.2.1, installers built with 6.2.0 work fine.
Virustotal Scan of the same installer, one built with 6.2.1 and the other one with 6.2.0:
As you can see in the scan both get flagged but the newer one gets flagged from microsoft which causes the issues mentioned above. The flags by other antiviruses aren't that important.
Is there any fix to this? Maybe a setting I need to change?
Louis
Eivind Bakkestuen
May 11, 2022, 10:45:25 PM5/11/22
to inno...@googlegroups.com
As you will have seen from many previous discussions in this group, the only way forward is to submit your installers to the antivirus vendors, who can then test and whitelist them.
--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/5f31605b-e382-4614-abb1-0a3ae3040c01n%40googlegroups.com.
Louis
May 12, 2022, 7:57:19 AM5/12/22
to innosetup
That's very unfortunate.
But there must have been some change, right? Why does it only get detected when build by the new version?
Gavin Lambert
May 12, 2022, 7:11:22 PM5/12/22
to inno...@googlegroups.com
On 12/05/2022 23:57, Louis wrote:
> That's very unfortunate.
> But there must have been some change, right? Why does it only get
> detected when build by the new version?
Because somewhere, someone also used that version of Inno Setup to
> That's very unfortunate.
> But there must have been some change, right? Why does it only get
> detected when build by the new version?
package their malware, and the antivirus vendors were not sufficiently
careful when generating signatures for it, so it matches the installer
component and not just the malware payload.
You can reduce false positives somewhat by also signing your installer
(this may not be instant, some vendors accord trust progressively over
time), but officially submitting a sample as a false positive is
recommended whenever something is falsely flagged.
Bill Stewart
May 18, 2022, 3:41:11 PM5/18/22
to innosetup
I would add that there are some very obvious notes right at the top of the web interface of this forum:
Please do not post messages about your antivirus program here but contact its vendor instead.
Before asking a question, please try the Search function.
Before asking a question, please try the Search function.
I guess these notices just aren't big and bold enough...
Reply all
Reply to author
Forward
0 new messages