Inno Setup is Flagged as Trojan?
-
@aaronventure Have you scanned your computer for viruses and Malware?
Maybe there is some contamination to the installers.
Normally it doesn’t happen frequently and passes 99.9% of the computers, if the installer is clean.
-
Tried it in a sandbox, same thing.
Again, I just click through the wizard and create an empty installer with no files of my own, I even set the flag that it doesn't contain an .exe file.
Same flags pop up when I upload the file to Virus Total.
On my laptop (Win10), it won't even compile, it stops the Inno compilation saying it's detected a virus.
Inno 6.2.2. Can anyone check, if you're on windows? Download Inno 6.2.2, just run through the script wizard, don't even change any names, don't include any files.
-
@aaronventure If you search innosetup false positive in your favourite search engine you will see this a lot. They want your money to make the nasty warning go away.
:money-mouth_face:
-
@d-healey I've read through all the threads on stackoverflow, yeah.
Well, if I sign it with Limelighter, the number of flags goes down from 17 to 7, one of them still being Microsoft.
-
I'm looking into this tonight. I have the EV certificates, and for some reason NORTON hates my installers. Specifically, the files created for uninstallation.
-
@Dan-Korneff tried InstallForge, now my main computer also detects that setup as a virus, and it's flagged 11/72 on VirusTotal.
That custom HISE installer idea looking better and better with every moment...
-
@aaronventure said in Inno Setup is Flagged as Trojan?:
custom HISE installer idea looking better
But the user still has to install the installer
-
@d-healey do they? I tried exporting a standalone exe and it scans fine.
Is there a reason distributing that wouldn't work?
-
@aaronventure I supply just a standalone and don't have any issues, other than permissions issues (unrelated to virus scanning)
-
@DanH right then, a standalone app that will do the simple installation of samples + vst3.
I imagine the mac version still needs to be notarized
-
@aaronventure for Mac I put the app in a DMG file, and notarise the DMG. The app needs to be codesigned obviously
I use DMG Canvas
-
@aaronventure I'm not 100% sure, but I think that any binary that you compile on your system is automatically considered trustworthy on your system (that's at least how it works on macOS).
But there are other reasons that might flag a Innosetup installer:
- requires admin access for copying files to places which wouldn't be accessible
- writes something into the registry to be listed in the "Uninstall App" window of System control
- tries to write files somewhere (this is a more suspicious activity than rendering audio)
I don't think any kind of custom-made installer will fix that problem. But are you sure that's a problem at all? You wouldn't be the first person that distributes an app with InnoSetup and the others seem to be fine.
-
@DanH do you need to do that for the vst3 or au as well?
-
@aaronventure codesign? Of course :)
-
@Christoph-Hart Yup my InnoSetup installers only very occasionally get flagged on a users system (I suspect more than I know because users are used to this and simply install them anyway), so I would send some out to beta testers and see what happens @aaronventure
-
@DanH There's also browsers which have their own system for flagging suspicious binaries and preventing the user downloading them.
-
@d-healey haven't had any issues with those thus far far :crossed_fingers:
-
@Christoph-Hart I tried it on another computer, instantly flagged. No files at all inside, just a blank installer, no changes to the script.
That one won't event build one. I'm scanning with VirusTotal.
I just need to ask the user where they want the samples, then put the vst3 into the right folder, and create the LinkWindows file. That can be done with HISE, right? Had a brief look at the file and filesystem api...
-
@aaronventure yes that can all be done with a Hise app, but perhaps try building your inno stuff on a different computer first
-
Have you named your installer setup.exe or a custom name? Apparently calling it setup.exe will raise the probability of a false positive.
You gotta appreciate the brain power and excellence that went into developing antivirus software, that‘s some peak genius move.