ojanacek
Posts: 8
Joined: Fri Jul 28, 2017 2:29 pm

Some EXE installers reported as malware after updating to 21.3.1

Mon Jan 08, 2024 8:50 pm

We recently updated from 19.2 to 21.3.1 on a couple of build agents. Most of the newly built installers on these agents are fine but some (namely some EXE) installers are now treated as malware by some AVs. It's reported as Gen:Variant.Strictor.286316.

For now we reverted back to 19.2 as convincing all customers to whitelist these installers is not an option. We are looking into installer signing, if that helps. And we also turned some installers to MSI since they didn't really need to be EXE. That helped.

Unfortunately, I cannot provide you with the exact files to replicate the issue. Consider this as a bug report in case someone else also experiences the same.

Liviu
Posts: 1026
Joined: Tue Jul 13, 2021 11:29 am

Re: Some EXE installers reported as malware after updating to 21.3.1

Tue Jan 09, 2024 9:37 am

Hello,

This is a false positive, I assure you. Nowadays antivirus heuristics are changing on a daily basis and they are becoming more and more aggressive.

Regrettably, there also has been an increase in false positive detections by Windows Defender recently.

Please note that it is not necessary to persuade your customers to whitelist your installer. You can simply send a false positive report to the AV providers who detected your setup.

Aside from signing your application files and the setup package itself, the other complementary solution to avoid such false positive detections will be to contact the related antivirus vendors and ask them to whitelist your software or to report a false positive detection to them.

Have a look at our "False positive virus detection" article.

Before releasing a new version of Advanced Installer we always follow these steps; if required we contact specific antivirus vendors and report issues to try to help them improve their detection algorithms in the future. However, sometimes we need to report a false positive detection, as their detection algorithms evolve constantly.

If you are having problems at build time with Windows Defender, please check the following threads for a solution:

1. Alternate path for Temp build files

2. Error Signing an exe-file

Please keep in mind that false positives can sometimes occur, and addressing them may take time and cooperation with antivirus vendors.

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team