Exe has many viruses

milsteen · October 3, 2016, 1:47pm

According to www.virustotal.com my exe has many viruses.
On that site see SAH256: 481126329632905f213ab6f04dbeff8af479c173fbea1a6c8e179c47c24f2083

Could all of these possibly be false positives? All the supporting html files are clean, according to McAfee, MalwareBytes, and Hitman Pro. Also, HTML Executable’s directory with all its libraries are clean. (All three products did a complete scan of my computer.)

milsteen · October 3, 2016, 2:11pm

Sorry, that should be SHA256: etc.

milsteen · October 4, 2016, 3:32pm

Yesterday, I spend about 6 hours on the phone talking with four consultants from McAfee who took remote control of my computer and tried to eliminate the virus. They were kind of split: some believed I really had a virus in my executable, and some believed that McAfee was picking up a false positive. Regardless of the answer to that question, I cannot possibly distribute a file that McAfee thinks, correctly or not, is infected. Still stuck.

milsteen · October 4, 2016, 3:53pm

The plot thickens. I just created the simplest possible website - one with only one page. Compiled it and created an exe file. McAfee immediately quarantined it. This proves that what McAfee is objecting to is not in the content of my original website.

gdgsupport · October 4, 2016, 4:22pm

Yes, we were able to get the same false positive with McAfee. It’s indeed a false positive, and we reported it to McAfee too. Now people from McAfee must identify what in their product could cause this false positive.

About other antivirus programs listed on virustotal: they are not widely used and have the same false positive problem. It is generally some pattern in the EXE that can cause antivirus programs to flag it as a possible virus. Unfortunately, antivirus companies don’t tell us what pattern could be the problem.
Finally, did you consider code signing your EXE file? This will also give more trust to your ebook applications.

milsteen · October 5, 2016, 4:37pm

I believe that any executable under attack by McAfee is undistributable. I can’t scare users by telling them, "If you have McAfee, turn your virus scanning off while using this program."
However, I do believe that HTML Executable is the best program of its type on the market. I have not found any other that can handle colors in alternative stylesheets correctly. The interface is also excellent. I am just hoping that 4.9 will eliminate whatever pattern McAfee finds suspicious.

chrischen · October 6, 2016, 7:58am

Please help. I can not tell people don’t use McAfee due to HE4.8.

gdgsupport · October 6, 2016, 8:36am

We already submitted the case to McAfee, let’s see if they are fast to answer. In the meantime, you can also send your EXE file to them by following instructions here:
https://kc.mcafee.com/corporate/index?page=content&id=KB85567

Be sure to code sign your EXE files to lower your false positive rate. And code signing will give trust to your end users.
HTML Executable can code sign EXE files automatically when you compile your publication, see the documentation.

Finally, if you can’t wait for a fix from McAfee, here is another solution:

This will remove the patterns that McAfee dislikes from the EXE file. But you’ll have to distribute two files: an EXE and the associated DLL file. You can zip them or package them as a single EXE file installer with Paquet Builder 3.

milsteen · October 6, 2016, 10:02pm

Many thanks for this terrific work-around. It works for me. I love it!

usr · October 9, 2016, 2:37am

This same problem is occurring with Avast, which is a very widely used antivirus system. It won’t open the exe file and deletes the file. It checked out my source files and no viruses could be found

I like the features of HTML Executable, but unless this issue can be resolved it makes HTML Executable basically unusable.

gdgsupport · October 9, 2016, 9:14am

Actually someone misused HTMLEXE to create an EXE that triggers these false positives. We’re working with the AV companies to solve the problem. Until that, use the workaround explained above, you won’t get false positives from AV in your EXE file.

gdgsupport · October 9, 2016, 9:52am

Please send us your EXE file for review. Avast is normally not affected by the problem mentioned above.

milsteen · October 9, 2016, 5:17pm

I have an .exe that McAfee claims is infected. How can I send it to you? This forum does not permit attachments.

chrischen · October 14, 2016, 4:58am

Just few days ago, I have found that McAfee dose not claims the EXE is infected.
Is that means that they fixed the issue?

milsteen · October 14, 2016, 5:06pm

I also find that the normal .exe (without outputting a separate .dll file) is working without objection from McAfee!! The crisis is apparently over.

gdgsupport · October 17, 2016, 9:30am

We reported the problem to several antivirus companies and received confirmation of false positives each time. Some of them still are slow to respond to the problem. Anyway, in the incoming HTMLEXE 4.9, we introduced a new loading mechanism which should lower false positives for people who don’t have a code signing certificate.