Virus detection in installing the installation built by InstallShield 2019 Professional
We update our InstallShield projects to InstallShield 2019 Professional.
As we implement the installation built by InstallShield 2019 Professional, in installing procedure, some antivirus software will detect the Trojan threat then blocked or deleted infected files.
Finally, when we try to uninstall the application, we failed to uninstall the application.
By the way, antivirus softwares detect nothing when we implement the installation built by the former version of InstallShield, and the uninstallation successes.
Do you have any solutions to fix the issue?
Nothing to worry about this, basically anti virus software has its own virus definition and algorithm to identify the threats to the system, and these virus definitions /rules are updated almost daily to cope with the latest threats to the system. Usually, anti virus software continuously monitor the system changes and block the suspicious executable if it is not authorized to do those system changes according to the their definitions. Some of the system changes monitored by anti virus software are copying and creating files, spawning new process, network communication, changing system policies, accessing the system registry, downloading files, etc. Installer software does all of these during the course of installation. So, only way to get rid of this to make it authorize or update the respective antivirus software definitions through their reporting channel.
- Ensure to sign the Setup installer and its pay loads to prove the identity where it is coming from, and ensure to renew the certificate in every year.
- Report the false-positive detection to the respective anti virus Software company, through their reporting channel. While reporting, start with the with widely used anti virus Software companies. Because, mostly others will follow the leaders in this market.
Thanks for your quickly reply.
I always sign the installation with effective digital signature and make sure all the files package by InstallShield through the detection of antivirus software.
And the suggestion item 2 of reply, reporting to wide used antivirus companies is not the solution for the long-term, even if it is the solution, it should be Flexera reporting to antivirus software to get authorized of InstallShield , right?
In addition, why the setup.exe built by the previous version of InstallShield products won't be detected to the malware, it seems only happen in InstallShield 2019 series?
Hope Flexera InstallShield will fix the malware problem.
Flexera seem has a updated version of Instllshield 2019 R3 at the end of 2019 before that they have a hotfix updated at the third or fourth season.
After these updated, the issue was resolved.
The hotfix of Instllshield seem to fix some certification problems, I didon't record the detail of the hotfix.
Hope the reply help you.
- Add tags
Thanks for your response and guidance.
Installed the hot fix : did not resolve the virus scan detection issue.
Upgraded to IS2019 R3 : Resolved the issue
Kiran kumar sreeram
Seems the hotfix doesn't fix the malware issue, the malware problem come one after another.
We use the InstallShield 2019 to create the empty project then build the installation.
Upload the installation to virustotal website, the file of installation will be detected to malware or trojan.
If you install the installation to PC, some generation files of InstallShield will be detected to trojan effected by Windows Defender. Attachments for your reference.
This problem has caused us a lot of distress.
Hope @flexera will pay attention to this problem and solve it as soon as possible.
- Installshield 2019
We found the file that be created by InstallShield 2019 in C:\Program Files (x86)\InstallShield Installation Information\[GUID]\setup.exe will be detected a dangerous Trojan by Windows Defender.
I have been using Installshield 1019 R3 premier. I faced the same issue where my installer gets deleted automatically by anti-virus.
however once I signed the setup.exe it's all fixed,
but sometimes some antivirus still detects it as virus and I have to manually tell the antivirus to exempt it
I try to sign DigitalSignature for every file in an InstallShield 2019 empty installation file, but it still be detected the Trojan warning in virustotal.com.
Some antivirus engines don't update any longer, but they still report the warning messages.
Our customers can't understand why our software product can be detected Trojan warning......
I have an older version InstallShield, the installatin file build by older version will not have any Trojan warning.
Orca didn't do much help for me as I'm working out of Visual Studio; I don't have access to the .msi file.
I opened .ism file in Notepad and came across this setting:
After upgrading to InstallShield 2019 R2 this value changed to 782, I reverted back to 779 and was able to reopen my .ism file in both Visual Studio and in standalone InstallShield 2018 R2.
Looks like this does what I need.
Hopefully someone official from InstallShield can chime in and mention if there are any side effects to this.
When you opened the project file in IS 2019 R3 first time, it would have created a backup project file in the local location which is compatible with your last version. backup file name will be like [Your Project File Name].ism.XXX.
You can rename this file by removing the last three digit from the file name, and it can be opened in the previous version without any issues.
More information can be found at the below link: https://helpnet.flexerasoftware.com/installshield25helplib/rn/ReleaseNotes.htm#isreleasenotes_2630790174_1047097
I also noticed .ism.779 could be restored and this worked for a product that had only been released once on InstallShield 2019 R2, but I still had to apply the hot-fix on a product that had been released multiple times on this version.
After uninstalling InstallShield 2019 R2, resetting the schema version manually allowed me to reload the setup project at a specific build state and rebuild with InstallShield 2018 R2.