18th August 2012, 19:48
|
#1 |
|
Junior Member
Join Date: Aug 2012
Posts: 1
|
Most AV treats nightly as a virus
https://www.virustotal.com/file/c5db...is/1345318253/
Most files in Stubs. Possibly false positive, possibly related to start page changer, possibly made in such a brutal way, so more than half of AVs treats it as a malware. But possibly it's there not because developer wished so? Stable is clean |
|
|
|
19th August 2012, 06:48
|
#2 |
|
Moderator
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 2,784
|
I don't know what startpage changer is but a lot of those listed there have generic in the name, this is your clue that it is probably a false positive...
IntOp $PostCount $PostCount + 1 |
|
|
|
|
17th September 2012, 15:22
|
#3 |
|
Junior Member
Join Date: Sep 2012
Posts: 2
|
False positives
What stinks about this is that it's not as simple as telling your users, "Don't worry about those warnings just hit the next button" They're not going to do that. NSIS is almost ALWAYS listed in some way or another as a virus.
Have you found any way to mitigate this besides automating false positives emails to the AV vendors? |
|
|
|
|
17th September 2012, 16:11
|
#4 | |
|
Major Dude
Join Date: Oct 2006
Posts: 1,841
|
Quote:
|
|
|
|
|
|
17th September 2012, 16:28
|
#5 |
|
Moderator
Join Date: Nov 2002
Location: Birmingham, England
Posts: 8,203
|
The only time I've had a false positive is when my installer has had an ActiveX control or IE browser extension in it. That is not surprising at all.
Stu Need an installer? http://www.afrowsoft.co.uk |
|
|
|
|
21st September 2012, 20:34
|
#6 |
|
Junior Member
Join Date: Sep 2012
Posts: 2
|
Various things
I apologize, I should have clarified what I do with it so as not to be included into the "You must be doing something crappy" bucket.
It's just because a lot of idiots use the installer to install shady crap and it ruins it for the rest of us. I've used nsis to load our company's insurance add-ons in IE silently. While our signed IE dll's install just fine via a "regsvr32 xyz.dll" manually sometimes it does not via a silent installer. Normal Installer is almost 100% of the time fine. I use the silent to pull/download various installation products via our CDN and once on the users drive, the secondary installation begins. So: #1 Run Silent Installer #2 download materials from our CDN #3 register dlls or install other software etc #4 AV sometimes flags it a "w32/generic downloader" #5 If #4 IT support phones ring I love this software and I'm not complaining. It is just a thing that we deal with. |
|
|
|
|
22nd September 2012, 06:36
|
#7 |
|
Major Dude
Join Date: Oct 2006
Posts: 1,841
|
Well, it's not surprising at all. You're silently installing browser addons, AND you're downloading more content from an online resource. That's a very shady combination, and most AV software will find it shady enough for the heuristic scanner to scream fire. I'm not sure how you could change this to appear less suspicious. The best method might perhaps be to contact the AV companies and ask them to fix the false positive in your software. If you're lucky, you won't need to ask again for every new version as long as you don't make too big changes.
|
|
|
|
 |
|
|||||||
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions.
The free customizable Winamp media player that plays mp3 + other audio files,
syncs your iPod, subscribes to Podcasts and more.
Copyright © 1999 - 2013 Nullsoft. All Rights Reserved.
Linear Mode
