AskHN: As developer, avoid .exe to be “File might be dangerous” by antivirus
I sell an application, that people download from my website, in a zip. They unzip it, and run the .exe.
Then Avast does a deep scan of the file and an alert "This file might be dangerous".
How to avoid this?
Things I have tried, that don't solve the problem:
* Have proper resource.rc file in Visual C++, with details about the .exe: BLOCK "StringFileInfo", VALUE "CompanyName", etc.
* Use makecert, certutil, "signtool" from Windows SDK
Things that won't work:
* Add to local avast exclusion (I can't ask every customer to do this!)
* Redo a "Submit file to Avast Lab for scan" for each new build of the .exe. It's not scalable to have to re-submit the .exe to Avast (and all other antivirus software) for each new build.
How do you handle with that?
3 comments
[ 3.0 ms ] story [ 18.3 ms ] threadHard to troubleshoot otherwise without more detail; are you using any unusual code-compressing or code-obfuscating in the final binary?
> You mention code-signing above, but are you certain it's being done with a root certificate that the AVs trust?
How to do that? What certificate do you usually use / which signing software?
http://www.davidegrayson.com/signing/#choosing