I created a setup using Inno for a 64-bit application produced with 2017r3. I have made several of these with no issues. Now a user is reporting a block by virus scan for Heur.AdvML.C
Has anyone else suffered from this? Any ideas?
I created a setup using Inno for a 64-bit application produced with 2017r3. I have made several of these with no issues. Now a user is reporting a block by virus scan for Heur.AdvML.C
Has anyone else suffered from this? Any ideas?
Yes. Changed the compression level and recompiled the setup. User reported this false positive to the AntiVir Maker. All went fine.
What compression level did you use? There are many possibilities, and lzma caused my problem.
zip
zip/1 through zip/9
bzip
bzip/1 through bzip/9
lzma
lzma/fast
lzma/normal
lzma/max
lzma/ultra (review memory requirements below before using)
lzma/ultra64 (review memory requirements below before using)
lzma2
lzma2/fast
lzma2/normal
lzma2/max
lzma2/ultra (review memory requirements below before using)
lzma2/ultra64 (review memory requirements below before using)
none
I would like to minimize the file size but avoid the false virus alarm.
Depends on the content, like images, sounds, many textfiles…
The compression is not generally an issue, its just this time that it causes a binary pattern checksum that is similar to a virus checksum. Sometimes a recompile is enough to fix it.
maybe the user can just exclude this setup from a virus check this time?
lzma2/fast
But this really is not so important. Those false positives happen sometimes with any Anti Virus System, because sometimes a Binary “Stream” can have the same Signature/Checksum/Binary Order/… as a specific Virus/Trojaner/Root Kit Tool/…
Oh, and by the way, heuristic detections are a smart way to detect new/unknown infections but this method is far from beeing perfect and often leads to false positives.
Thank you very much Sascha. That solved my problem.