Archive: McAfee thinks install is a trojan, catches dcryptdll


I've been using NSIS to create an installer for our program for 2 years now. I use the DcryptDLL.dll when installing my files. Recently, McAfee has begun flagging our install program as a trojan. When running, the install will get up to the installation section and try to use DcryptDLL to decrypt my files (which are separate from the install executable, basically just a zip file that is encrypted), at which point the virus scan will catch DcryptDLL.dll, call it a trojan, and delete it. This causes the decrypting part of my install to fail, which causes everything else to fail.

This is the virus definition page McAfee has: http://vil.mcafeesecurity.com/vil/content/v_241294.htm

We are contacting McAfee, but who knows how responsive they will be. Has anyone else run into this problem? Does anyone have any ideas?


Every once in a while, an NSIS plugin gets flagged as a trojan. Not much you can do other than report it to the vendor and shame them on http://nsis.sourceforge.net/NSIS_False_Positives


We have also run into this problem, typically when we use UPX on silent installs. All the packages we make are for internal use only, so it's an easy fix through our EPO server. We have been reporting the issues to McAfee in addition to our EPO adjustments.

We have also run into an issue when deploying large packages. In particular, a 1.3GB install EXE gets corrupted on the way to the network shares due to a scan timeout.

Nothing to do specifically with NSIS, but useful information nonetheless.