coolmeen
15th May 2011 14:34 UTC
nsis registry + avg anti-virus = :(
hey guys.
after many hours of coding my installer is finished, thx for all the help!
1 small problem is that when i'm writing to reg (Software\Microsoft\windows\currentVersion\run) the startup with windows path, the avg vicious anti virus detects it as a threat...
i tried running all kinds of downloaded installers (flashget etc.) with the same function and avg hasn't responded to those installers as a threat.
if you would be kind to help it would be great.
Highcoder
15th May 2011 17:34 UTC
...
AV engines use 2 different types to classify a file. The first one is to compare the "fingerprint" of known malware with your file. The other one is the heuristic. It scans the "behavior" of your file and checks how many "good" and how many "bad" operations it does. And if the "bad" things reach a certain percentage then the file gets classified as malware.
Writing to the autostart registry key is such a "bad" thing. But your installer must do more bad things than that because writing to that key only normally doesn't trigger the AV alert.
So for more help we need to see your code...
cheers
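Added example, not part of the original posts: a simplified Python model of the two classification approaches described in the post above (fingerprint match, then a percentage of "bad" operations). The signature database, the operation names, the "bad" labels and the 40% threshold are constructed for illustration and are not taken from AVG or any real engine.

```python
import hashlib

# Constructed signature database: hash of a made-up "known malware" sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-malware-sample").hexdigest()}

# Constructed labels: operations this toy model counts as "bad".
BAD_OPS = {"write_run_key", "change_browser_homepage", "packed_exe_header"}
THRESHOLD = 0.40  # constructed: share of "bad" operations that triggers a verdict


def classify(file_bytes, operations):
    """Return (verdict, bad_ratio) for a file and its observed operations."""
    # Heuristic input: the share of observed operations labelled "bad".
    bad = sum(1 for op in operations if op in BAD_OPS)
    ratio = bad / len(operations) if operations else 0.0
    # Method 1: fingerprint comparison against known malware.
    if hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD:
        return "signature", ratio
    # Method 2: heuristic verdict once the "bad" share reaches the threshold.
    return ("heuristic" if ratio >= THRESHOLD else "clean"), ratio


# Constructed behaviour traces for two hypothetical installers.
PLAIN = ["extract_files", "show_license_page", "create_shortcut",
         "write_uninstall_key", "write_run_key"]
INVASIVE = PLAIN + ["change_browser_homepage", "packed_exe_header"]

if __name__ == "__main__":
    for name, ops in (("plain", PLAIN), ("invasive", INVASIVE)):
        verdict, ratio = classify(b"constructed-installer-" + name.encode(), ops)
        print(f"{name}: {verdict} ({ratio:.0%} bad operations)")
```

In this model the Run key write on its own stays under the threshold, while the same installer with a homepage change and a packed header crosses it.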
Yathosho
15th May 2011 22:52 UTC
it's probably unrelated, but i recently noticed that all of my old installers were classified as malware by most antivirus scanners. what made it so bad, was the fact i was using upack header compression. switched to upx and got no more problems.
T.Slappy
16th May 2011 06:41 UTC
Don't worry about it...
AVG is not a good anti-virus, it shows a large number of false alarms. Try to scan your file with Eset or another tool.
MSG
16th May 2011 08:21 UTC
AVG has a huge userbase, so if it flags his installer as a virus that is a genuine problem that must be solved. Not worrying about it is not going to help doing that. Suggesting he just ignore the problem seems a rather pointless thing to do...
Coolmeen, one thing you could try is submitting a false positive report to grisoft: http://samplesubmit.avg.com/us-en/false-detection
I don't know if they're willing to adjust their heuristics engine to accommodate invasive NSIS installers, but you can give it a try.
coolmeen
16th May 2011 09:19 UTC
yeah.. i don't think my inst will qualify for the "mama tereza's" installer award..
with the user's permission it sets a custom home page on the different browsers as many other installers do..
and there's the question, do all the other "innocent" installers submit their program to the anti-viruses' observation for false positives?
anyway, surprisingly, i tried repositioning the reg key adding to another function/section and it worked like magic.
thx a lot.
Highcoder
16th May 2011 09:47 UTC
muhahaha... "mama tereza's" installer award... :-)
Yup, sometimes you only need small changes in code. And before you release your installer you should test it with an online malware scanner like jottis or virus total...
@Yathosho
Header compression very often causes false positives (UPX too). So i don't use them...
For my interest: Why do you use an exe head packer? It can't be the compression ratio. The filesize decrease is absolutely insignificant (in case you do an installer).
coolmeen
17th May 2011 10:41 UTC
lol!
avast is so stupid that when i defined the installer's icon it recognized it as a threat..
the sec i changed the icon size it cooled down...
so idiotic