Download Failed Setup.exe contained a virus and was deleted


(Neil Fowlie) #1

Bug report

Browser fails to download because it thinks a virus has been detected.

Info

  • Platform: Windows
  • Platform version: 10
  • App Version: 3.25.2

Reproduce

Go to downloads page and click download in either the Chrome or Edge browser.


(Takuya Matsuyama) #2

Hi Neil,

Thank you for reporting it.
I scanned it on VirusTotal and it seems like false positive:

https://www.virustotal.com/en/file/1f8885c36730bffd4013b557030e47d5d480fc0fc7004245ce4872b1266a5a08/analysis/1547425424/

Windows Defender also thinks older versions are a virus threat since its recent virus detection update.

Our Setup.exe is generated with Squirrel and apps built with it sometimes get quarantined as a virus threat which is false positive, like Atom Editor.
I understand it’s frustrating. However, there is not much I can do to prevent this.
I heard that getting a code signing certificate is a way to fix anti virus issues including this Windows Defender issue.
I tried to get a code signing certificate last year but it turned out that it’s not possible at the moment (detail here).

Until Windows Defender fixes its detection algorithm, I’m afraid that this will continue to happen.
You’ll either have to add a policy exclusion for the Setup.exe runs from or whitelist the process itself.

Sorry about that.


Windows 10 blocks downloading installer, because it detectes trojan in setup.exe
(Naoaki Shindo) #3

Hello craftzdog,
I would love to try your note-taking application, but I’m afraid that I found the same error Neil reported.

It would be good idea that you submit your setup.exe to malware analysis site of Microsoft as a developer;
https://www.microsoft.com/en-us/wdsi/filesubmission

information

  • Platform: Windows 10 Pro
  • Platform version: 1803
  • Windows Defender Antivirus Definition Version: 1.283.2910.0 / Released: Jan 11, 2019 12:44 AM UTC
  • INKDROP Version: 3.25.2

(Takuya Matsuyama) #4

Thank you for the report.
Submitting the binary would solve it for now but it will happen again on the next release.

I found that Electron apps can be built as AppX.
I’m investigating if it could be solved by distributing the app via Microsoft Store.


(Takuya Matsuyama) #5

I submitted it to Windows Defender Security Intelligence for the meantime.