AskHN: As developer, avoid .exe to be “File might be dangerous” by antivirus

3 points by josephernest ↗ HN
I sell an application, that people download from my website, in a zip. They unzip it, and run the .exe.

Then Avast does a deep scan of the file and an alert "This file might be dangerous".

How to avoid this?

Things I have tried, that don't solve the problem:

* Have proper resource.rc file in Visual C++, with details about the .exe: BLOCK "StringFileInfo", VALUE "CompanyName", etc.

* Use makecert, certutil, "signtool" from Windows SDK

Things that won't work:

* Add to local avast exclusion (I can't ask every customer to do this!)

* Redo a "Submit file to Avast Lab for scan" for each new build of the .exe. It's not scalable to have to re-submit the .exe to Avast (and all other antivirus software) for each new build.

How do you handle with that?

3 comments

[ 3.0 ms ] story [ 18.3 ms ] thread
You mention code-signing above, but are you certain it's being done with a root certificate that the AVs trust?

Hard to troubleshoot otherwise without more detail; are you using any unusual code-compressing or code-obfuscating in the final binary?

No code-compressing or obfuscating used.

> You mention code-signing above, but are you certain it's being done with a root certificate that the AVs trust?

How to do that? What certificate do you usually use / which signing software?