Heur.AdvML.C

I created a setup using Inno for a 64-bit application produced with 2017r3. I have made several of these with no issues. Now a user is reporting a block by virus scan for Heur.AdvML.C

Has anyone else suffered from this? Any ideas?

Yes. Changed the compression level and recompiled the setup. User reported this false positive to the AntiVir Maker. All went fine. :slight_smile:

What compression level did you use? There are many possibilities, and lzma caused my problem.

zip zip/1 through zip/9 bzip bzip/1 through bzip/9 lzma lzma/fast lzma/normal lzma/max lzma/ultra (review memory requirements below before using) lzma/ultra64 (review memory requirements below before using) lzma2 lzma2/fast lzma2/normal lzma2/max lzma2/ultra (review memory requirements below before using) lzma2/ultra64 (review memory requirements below before using) none

I would like to minimize the file size but avoid the false virus alarm.

Depends on the content, like images, sounds, many textfiles…
The compression is not generally an issue, it‘s just this time that it causes a binary pattern checksum that is similar to a virus checksum. Sometimes a recompile is enough to fix it.
maybe the user can just exclude this setup from a virus check this time?

lzma2/fast

But this really is not so important. Those false positives happen sometimes with any Anti Virus System, because sometimes a Binary “Stream” can have the same Signature/Checksum/Binary Order/… as a specific Virus/Trojaner/Root Kit Tool/…

Oh, and by the way, heuristic detections are a smart way to detect new/unknown infections but this method is far from beeing perfect and often leads to false positives. :wink:

Thank you very much Sascha. That solved my problem.