Chips
Posts: 10
Joined: Wed Oct 02, 2024 1:50 pm

Updater.exe flagged as virus

Hello,

I'm encountering an issue where my antivirus (Windows Defender on Windows 10) is flagging updater.exe as a threat, specifically with the detection Trojan:Win32/Bearfoos.A!ml. This is causing our auto-update process to fail since the executable gets blocked or removed.
Any idea why?

Thanks in advance for your help!
rdbrownii
Posts: 9
Joined: Thu Oct 13, 2016 1:39 pm

Re: Updater.exe flagged as virus

I had a similar experience yesterday except that the .EXE built by Advanced Installer 22.3 was flagged by Symantec Endpoint Protection as having heuristic virus HEUR.AdvML.B and blocked right away. I uninstalled 22.3 and reinstalled 22.2 and the build was successful, no virus detected.
Liviu
Posts: 1365
Joined: Tue Jul 13, 2021 11:29 am

Re: Updater.exe flagged as virus

Chips wrote:
> Hello,
> I'm encountering an issue where my antivirus (Windows Defender on Windows 10) is flagging updater.exe as a threat, specifically with the detection Trojan:Win32/Bearfoos.A!ml. This is causing our auto-update process to fail since the executable gets blocked or removed.
> Any idea why?

Regrettably, there has been an increase in false positive detections by Windows Defender. This may happen if the setup is not digitally signed. Did you sign it?

After building the final setup on your machine, it is advisable to upload your setup to virustotal.com, an online malware scanning service. If the setup is detected by major antivirus vendors (Microsoft, Bitdefender, McAfee, Avast, etc.), contact the respective antivirus company to report the false positive.

Before releasing a new version of Advanced Installer we always follow these steps; if required we contact specific antivirus vendors and report issues to try to help them improve their detection algorithms in the future. However, sometimes we need to report a false positive detection, as their detection algorithms evolve constantly.

You can submit your installation package through the Microsoft False Positive Report portal:

https://www.microsoft.com/en-us/wdsi/filesubmission

rdbrownii wrote:
> I had a similar experience yesterday except that the .EXE built by Advanced Installer 22.3 was flagged by Symantec Endpoint Protection as having heuristic virus HEUR.AdvML.B and blocked right away. I uninstalled 22.3 and reinstalled 22.2 and the build was successful, no virus detected.

This is a false positive, I assure you. Nowadays antivirus heuristics change on a daily basis and become more and more aggressive.

Aside from signing your application files and the setup package itself, the other complementary solution to avoid such false positive detections is to contact the related antivirus vendors and ask them to whitelist your software, or to report a false positive detection to them.

Have a look over our article about this topic.

https://www.advancedinstaller.com/false ... ction.html

You can send your setup package for whitelist to Symantec here:

https://symsubmit.symantec.com/

Hope this helps!

Best regards,
Liviu
________________________________________
Liviu Sandu - Advanced Installer Team
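
The checks suggested in this thread (is the file signed, does Defender flag it, which exact build to report) can be run on the build machine before release. This is an added example, not part of the original posts and not Advanced Installer code; the function name `Test-ReleaseArtifact` and the `.\updater.exe` path are assumptions.

```powershell
# Added example: pre-release check for a built setup or updater executable.
# Test-ReleaseArtifact is a hypothetical helper name; adjust the path to your build output.
function Test-ReleaseArtifact {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Authenticode signature: status, signer, and whether a timestamp
    #    countersignature is present (keeps the signature valid after cert expiry).
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # 2. SHA-256 of the exact build, to look up on VirusTotal and to quote
    #    in a false-positive report to the antivirus vendor.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # 3. Local Defender custom scan (ScanType 3) in detection-only mode, so the
    #    file is not quarantined. MpCmdRun exits 0 when nothing is found and 2
    #    when a threat is found.
    $mpCmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    $defender = 'NotRun'
    if (Test-Path -LiteralPath $mpCmd) {
        & $mpCmd -Scan -ScanType 3 -File $file.FullName -DisableRemediation | Out-Null
        $defender = switch ($LASTEXITCODE) {
            0       { 'Clean' }
            2       { 'Detected' }
            default { "Error($LASTEXITCODE)" }
        }
    }

    [pscustomobject]@{
        File            = $file.FullName
        SignatureStatus = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject    # empty when unsigned
        Timestamped     = [bool]$sig.TimeStamperCertificate
        CertExpires     = $sig.SignerCertificate.NotAfter
        Sha256          = $hash
        DefenderScan    = $defender
    }
}

# Example call (constructed path): fail the release step if unsigned or flagged.
$result = Test-ReleaseArtifact -Path '.\updater.exe'
$result | Format-List
if ($result.SignatureStatus -ne 'Valid' -or $result.DefenderScan -eq 'Detected') {
    Write-Warning 'Do not publish this build: sign it and/or report the false positive first.'
}
```

A `Detected` result on a validly signed build is the case to submit to the vendor, quoting the SHA-256 so the report refers to that exact file.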