But Its a lie
I am facing this issue with my installer: Installer exe when downloaded from the websites in Chrome are flagged as being malicious software.
To overcome this problem so far we have tried changing domain names,but its not a permanent solution.
Even after signing my exe with Thawte certificate the flag is still there.
I have scanned my exe with all popular AVs and there is nothing malicious in it.
How can I get rid of this chrome flag?
The webmaster site doesn't do anything to help with the false positive on installers. All it does is tell you the file is potentially malware without giving you any way of appealing or asking for a review of their findings. With FireFox and Chrome and others using this data, you would think Google would provide a way to appeal. It is ironic the company starting the false positive initiative with Microsoft is the worst offender in creating false positives.
You may be able to get around the issue by supplying your site's URL to "Google Webmaster Tools". You don't even have to supply a URL for every single "malicious" file; an overall, top-level URL for your site (or, for your little corner of Blogger.com) seems to be adequate.
If you've got a Google account, just log in and go to this URL. There's a prominent textbox with an "Add Site" button next to it that does the trick. This worked for me, in a matter of minutes (and I don't have a "certificate", other than the one I got for winning a raft race in Pre-K).
Oh, and I too have experience working in heuristics, as part of my degree. "Heuristics" are really just what ordinary, unpretentious people call "rules of thumb"!
It may be that Chrome is using heuristic analysis, to determine that this file is "malicious". That is to say, it is basically saying "Because this file possesses these qualities, we therefore believe this file to be malicious".
Given that a few years ago, someone got hold of a root certificate authority, and proceeded to make genuine security certificates (so that people wouldn't be suspicious, and because they were actually genuine, browsers did not notify the user), for their sites which asked for personal data (bank username and password, etc), and stole it, until that authority was annulled a few days later.
Therefore, simply having an .exe with a certificate (a genuine one, which of course, you have), won't suffice, in Chrome's mind, for the above two reasons.
I'm sorry I can't tell you how to get rid (or at least alleviate somewhat) this issue, but I thought it'd be helpful for you to have some possible reasons as to why this is occurring.
**EDIT: Sources to back up my claims: http://news.techworld.com/security/3266817/online-fraudsters-issue-fake-security-certificates-for-google-yahoo/
http://www.bbc.co.uk/news/technology-14819257**
I also have experience working in heuristics, as part of my programming degree.
