7

Good Morning,

My exes created with Inno Setup are seen as a virus!!!

It is really annoying because I can't send them to help out my users. Has anyone ever faced this problem?

I use Inno Setup 5.5, and I do not actually copy files, I just have to generate a few commands to handle certificates.

Thanks in advance

[EDIT]

The Inno script

So it's a bit complicated, as I need to take admin rights using psexec, delete the previous certificate, then install the new one.

```
#define MyAppName "Update Certificate"
#define MyAppVersion "1.0"
#define MyAppPublisher "kkk"
#define MyAppExeName "updateBase"
#define installConf "installConfig.exe"
#define uninstallCert "unCert.exe"
#define psexec "psexec.exe"
#define passAdmin "password"

[Setup]
AppName={#MyAppName}
AppVersion={#MyAppVersion}
AppPublisher={#MyAppPublisher}
DefaultDirName={localappdata}
DisableDirPage=yes
DisableReadyPage=yes
DisableWelcomePage=yes
PrivilegesRequired=none
CreateAppDir=no
CreateUninstallRegKey=no
OutputBaseFilename={#MyAppExeName}
Compression=lzma
SolidCompression=yes
SetupIconFile=favicon.ico

[Languages]
Name: "english"; MessagesFile: "compiler:Default.isl"

[Files]
Source: "{#installConf}"; Flags: dontcopy
Source: "{#psexec}"; Flags: dontcopy
Source: "{#uninstallCert}"; Flags: dontcopy

[Code]
var
  ResultCode: Integer;
  Page: TWizardPage;
  CustomPageID: Integer;
  InstallRadioButton: TNewRadioButton;
  DeleteRadioButton: TNewRadioButton;
  UpdateRadioButton: TNewRadioButton;

procedure ExitProcess(exitCode: Integer);
  external 'ExitProcess@kernel32.dll stdcall';
```

The unCert.exe is handling the certificates to delete them

```
// Uninstall previous certificate
function UninstallCertificat(): Boolean;
var
  arg: String;
begin
  ExtractTemporaryFile('{#uninstallCert}');
  ExtractTemporaryFile('{#psexec}');
  // Run unCert.exe under the Administrateur account through psexec
  arg := ' /accepteula -u Administrateur -p {#passAdmin} -i ' + AddQuotes(ExpandConstant('{tmp}\{#uninstallCert}'));
  Result := Exec(AddQuotes(ExpandConstant('{tmp}\{#psexec}')), arg, '', SW_SHOW, ewWaitUntilTerminated, ResultCode);
  Log(AddQuotes(ExpandConstant('{tmp}\{#psexec}')));
  Log(AddQuotes(ExpandConstant('{tmp}\{#uninstallCert}')));
  if ResultCode <> 0 then begin
    MsgBox('InitializeSetup:' #13#13 'Certificat Uninstall Failed', mbError, MB_OK);
    ExitProcess(2);
  end else begin
    MsgBox('InitializeSetup:' #13#13 'Certificat Uninstall Done', mbInformation, MB_OK);
  end;
end;

// Generate the passwords for the certificates
function getPassWord(): string;
var
  computerName: string;
  V: string;
begin
  // Something to generate the password
end;

// Certificate installation
function InstallCertificat(): Boolean;
var
  arg: String;
  Filename: string;
  pass: string;
begin
  pass := getPassWord();
  ExtractTemporaryFile('{#psexec}');

  Filename := ExpandConstant('{tmp}\cert.p12');
  FileCopy(ExpandConstant('{src}\cert.p12'), ExpandConstant('{tmp}\cert.p12'), False);
  // AddQuotes keeps the path as a single argument when {tmp} contains spaces
  arg := ' /accepteula -u Administrateur -p {#passAdmin} -i ' + GetSystemDir() + '\certutil.exe -p ' + pass + ' -importPFX ' + AddQuotes(Filename) + ' NoExport';
  Result := Exec(AddQuotes(ExpandConstant('{tmp}\{#psexec}')), arg, '', SW_SHOW, ewWaitUntilTerminated, ResultCode);
  if ResultCode <> 0 then begin
    Log(SysErrorMessage(ResultCode));
    MsgBox('InitializeSetup:' #13#13 'Certificat Installation Failed', mbError, MB_OK);
    ExitProcess(2);
  end else begin
    MsgBox('InitializeSetup:' #13#13 'Certificat Installation Done', mbInformation, MB_OK);
  end;
end;
```
Robert Hume
LinChan
  • All you can do in this case is contact AV vendors to whitelist your setup. The reason for that report will most probably be heuristic analysis, which can lead to false positives such as yours. Maybe you can post your code so we would be able to suggest some workaround (if there is any). – TLama Jul 21 '14 at 12:04
  • If the problem occurs with Norton and Symantec software, it may also be connected to the 'popularity' functionality in their programs. If the file is new, meaning not popular (0-1 points), Symantec reports that the software is suspicious. Check your setup on [https://www.virustotal.com/](https://www.virustotal.com/) and you will know whom to contact. – RobeN Jul 21 '14 at 13:19
  • Actually it's not really software like Norton that is most annoying to me; for example, I can't send them with something like GMAIL – LinChan Jul 21 '14 at 14:30

1 Answer

8

Try to comment out the SetupIconFile line. In my case the problem with the antivirus was with the .ico file.

bartolo-otrit
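A pre-release check for scripts like the one in the question, added here as an illustration (it is not code from the thread or from Inno Setup): it lists what this thread's script offers a scanner or a reviewer to look at, namely the custom icon named in the answer, executables bundled under `[Files]`, and a literal `-u`/`-p` account on a command line in `[Code]`. The function names and the embedded sample script are constructed for the example, and the choice of what to report is an assumption based on this thread, not a list of what any antivirus engine matches.

```python
import re
# Constructed sample: a trimmed copy of the script posted in the question.
SAMPLE_ISS = r'''
#define psexec "psexec.exe"
#define passAdmin "password"
[Setup]
SetupIconFile=favicon.ico
[Files]
Source: "{#psexec}"; Flags: dontcopy
[Code]
arg := ' /accepteula -u Administrateur -p {#passAdmin} -i ' + cmd;
'''

def expand_defines(text):
    """Replace each {#name} with the value from its '#define name "value"' line."""
    defines = dict(re.findall(r'^#define\s+(\w+)\s+"([^"]*)"', text, re.M))
    return re.sub(r'\{#(\w+)\}', lambda m: defines.get(m.group(1), m.group(0)), text)

def sections(text):
    """Split a script into {lower-cased section name: [non-empty lines]}."""
    out, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r'\[(\w+)\]', line)
        if head:
            current = head.group(1).lower()
            out.setdefault(current, [])
        elif current and line and not line.startswith(';'):
            out[current].append(line)
    return out

def review_iss(text):
    """Return (section, finding) pairs to look at when a build gets flagged."""
    sec, findings = sections(expand_defines(text)), []
    for line in sec.get('setup', []):
        key, _, value = line.partition('=')
        if key.strip().lower() == 'setupiconfile':   # the line the answer comments out
            findings.append(('setup', 'custom icon: ' + value.strip()))
    for line in sec.get('files', []):
        m = re.search(r'Source:\s*"([^"]+\.exe)"', line, re.I)
        if m:                                        # e.g. the bundled psexec.exe
            findings.append(('files', 'bundled executable: ' + m.group(1)))
    for line in sec.get('code', []):
        m = re.search(r'-u\s+(\S+)\s+-p\s+\S+', line)
        if m:                                        # the password itself is not echoed
            findings.append(('code', 'literal -u/-p credentials for user ' + m.group(1)))
    return findings

if __name__ == '__main__':
    print(*review_iss(SAMPLE_ISS), sep='\n')
```

Removing one reported item at a time and rescanning the rebuilt setup shows which of them a given engine reacts to, which is how the answer above isolated the icon.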