alancc
Level 6

Installer created by IS Express 2020 R1 is detected by BitDefender?

Hi,

In the past, installers created by IS Express 2019 have been reported by some antivirus programs by mistake.

Since IS Express 2020 R1, I think the problem is solved.

However, today I received a customer's message saying his BitDefender Total Security (v20.0.9.46) said my setup.exe was infected and quarantined it.

Below is the detailed information:

1) The file C:\Users\hardman0\AppData\Local\Temp\k+nZ1KqE.exe.part is infected with Gen:Suspicious.Cloud.4.@x3@auHt!Mei and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.; and
2) The file F:\hardman0\downloads\DataNumen_NTFS_Undelete_dntu.exe is infected with Gen:Suspicious.Cloud.4.@x3@auu9GJii and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

I tried to check my installers via virustotal.com, and no engine detects my installer:

  1. For DataNumen Backup: https://www.virustotal.com/gui/url/02f658318c7cef9c75e11158b9683e7f8883e3e4587d44109c20c80f159033c7/detection

  2. For DataNumen NTFS Undelete: https://www.virustotal.com/gui/url/7441b4dd0786bbe8dec263427be4d1f2bd1fbaa8c987657d53628418bd00853f/detection

I also tried downloading a free version of BitDefender and then used it to scan both files. Neither of the files is detected.

So what is the problem? Has anyone else encountered similar problems?

Thanks

 

0 Kudos
(9) Replies
alancc
Level 6

Has anyone encountered similar problems?

0 Kudos

Yes, it's still a problem in IS Express 2020 R1 (it was a problem in IS Express 2019 as well). I went back to IS Express 2016 to create an installer without the problem. They should fix the problem instead of charging us for a new maintenance agreement for a problem that caused us hours of grief.

0 Kudos

I purchased IS Express in 2020. The problem is that Flexera refuses to give me the old version of IS Express. And the old versions cannot open the project created by the new versions. The only versions I can get are IS Express 2019 R3 and IS Express 2020 R1. With IS Express 2019 R3, the created installer will be flagged by more engines and Flexera promises that 2020 R1 will solve the problem. Now it seems 2020 R1 still does not fix everything.

 

 

0 Kudos

Hi @alancc ,

If you have licenses for old versions, you will be able to get it. If that had expired, you will only get for those you are entitled with here: InstallShield 2019 & 2020. That is how licensing works!!

Coming to the BitDefender detection part:

  • Is your setup file signed by a trusted Certificate Authority?
  • Nowadays a lot of antivirus software applications have started flagging a broad range of code patterns. It would be better if you could get the definition for which it flags.
  • We couldn't get much detail about "Gen:Suspicious.Cloud.4.@x3@auHt!Mei" and "Gen:Suspicious.Cloud.4.@x3@auu9GJii". Can you help us with these definitions by contacting BitDefender?
  • If those are false positives, it would be better if those are submitted and whitelisted by the antivirus software itself.

Thanks,

Jenifer

0 Kudos

It seems the license of IS Express 2019 R3 does not include licenses of old versions. I have asked the support and they said the old versions cannot open the project saved in the new version.

  • Is your setup file signed by a trusted Certificate Authority?

    A: Yes, all signable files, together with the installer itself, are dual-signed via SHA1 & SHA256 certificates from DigiCert.

  • Nowadays a lot of antivirus software applications have started flagging a broad range of code patterns. It would be better if you could get the definition for which it flags.

    A: I do not get any response from the user any more, so I don't know more info about the patterns.

 

0 Kudos
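An added example (not from the thread and not InstallShield or Bitdefender code): a Python sketch for triaging a file that a customer reports as quarantined. It compares the file with the release SHA-256 and checks that the embedded Authenticode certificate table mentioned above is present and not cut off, as it can be in a partial download such as a `.exe.part` file. The function names and the sample PE bytes are constructed for illustration, and the code does not validate the signature chain itself.

```python
import hashlib
import struct

def cert_table(data: bytes):
    """Return (file_offset, size) of the PE certificate table, None if the
    image carries no embedded signature; ValueError if it is not a PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        opt = pe + 24                      # PE signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]   # PE32 / PE32+
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        if count <= 4:
            return None
        # Directory entry 4 (security) stores a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", data, dirs + 8 * 4)
    except (struct.error, KeyError) as exc:
        raise ValueError("malformed or cut-off PE header") from exc
    return (offset, size) if size else None

def triage(data: bytes, release_sha256: str) -> str:
    """Classify a file a customer reports as quarantined."""
    if hashlib.sha256(data).hexdigest() == release_sha256:
        return "identical-to-release"
    try:
        table = cert_table(data)
    except ValueError:
        return "not-a-pe"
    if table is None:
        return "unsigned"
    if table[0] + table[1] > len(data):
        return "truncated"   # signature block runs past end of file
    return "complete-but-different"

def sample_pe(sig: bytes = b"\x00" * 64) -> bytes:
    """Constructed minimal PE32 header plus a dummy signature blob."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)
    struct.pack_into("<I", hdr, opt + 92, 16)
    struct.pack_into("<II", hdr, opt + 96 + 32, len(hdr), len(sig))
    return bytes(hdr) + sig
```

A result of "truncated" or "complete-but-different" means the scanned bytes are not the published release, which is worth establishing before submitting a false-positive report.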

Hi @alancc ,

 

Thanks for your quick response!!

"I have asked the support and they said the old versions cannot open the project saved in new version.": You can still open the project with older versions by renaming the backup file created in the same directory.

For example, if you are opening an IS2019 project in InstallShield 2020, you could see that a Project_File_Name.7xx backup file has been created. You can rename that to ism and open it with the previous version of InstallShield.

 

Thanks,

Jenifer

0 Kudos

Hi, @Jenifer 

Bitdefender replied as follows:

"Thank you for your patience and I hope my e-mail finds you well.

Our malware research team has finished analyzing the sample you submitted:

Nirsoft applications are detected as Potential Unwanted Application
(PUA/PUP) by Bitdefender because it might be used with malicious intent.

As such, if there is a legitimate need to use Nirsoft applications on a
specific computer within your network the Security Admin can configure
the security policies in Bitdefender Console to exclude the tools by
path (e.g) on the specific target computer or computer groups.

Have a nice day!"

After reading the reply, I didn't know what Nirsoft was until I searched on Google. It seems that it is a suite of Windows apps. But I know nothing about them, nor would I include such apps in my installer. Does InstallShield include Nirsoft in the installer?

0 Kudos

Hi @alancc ,

 

I would either answer "No from InstallShield as well" or ask you to reach out to Flexera support for further analysis from the team. You can reach out to support@flexerasoftware.com

 

Thanks,

Jenifer

0 Kudos

@Jenifer 

Thank you. I will open a case and ask Flexera support about that. Frankly, based on my past experiences, Flexera support is not better than the community, so in most cases I prefer to ask in the community instead of contacting the support.

0 Kudos