According to www.virustotal.com my exe has many viruses.
On that site see SAH256: 481126329632905f213ab6f04dbeff8af479c173fbea1a6c8e179c47c24f2083
Could all of these possibly be false positives? All the supporting html files are clean, according to McAfee, MalwareBytes, and Hitman Pro. Also, HTML Executable’s directory with all its libraries are clean. (All three products did a complete scan of my computer.)
Yesterday, I spend about 6 hours on the phone talking with four consultants from McAfee who took remote control of my computer and tried to eliminate the virus. They were kind of split: some believed I really had a virus in my executable, and some believed that McAfee was picking up a false positive. Regardless of the answer to that question, I cannot possibly distribute a file that McAfee thinks, correctly or not, is infected. Still stuck.
The plot thickens. I just created the simplest possible website - one with only one page. Compiled it and created an exe file. McAfee immediately quarantined it. This proves that what McAfee is objecting to is not in the content of my original website.
Yes, we were able to get the same false positive with McAfee. It’s indeed a false positive, and we reported it to McAfee too. Now people from McAfee must identify what in their product could cause this false positive.
About other antivirus programs listed on virustotal: they are not widely used and have the same false positive problem. It is generally some pattern in the EXE that can cause antivirus programs to flag it as a possible virus. Unfortunately, antivirus companies don’t tell us what pattern could be the problem.
Finally, did you consider code signing your EXE file? This will also give more trust to your ebook applications.
I believe that any executable under attack by McAfee is undistributable. I can’t scare users by telling them, "If you have McAfee, turn your virus scanning off while using this program."
However, I do believe that HTML Executable is the best program of its type on the market. I have not found any other that can handle colors in alternative stylesheets correctly. The interface is also excellent. I am just hoping that 4.9 will eliminate whatever pattern McAfee finds suspicious.
Be sure to code sign your EXE files to lower your false positive rate. And code signing will give trust to your end users.
HTML Executable can code sign EXE files automatically when you compile your publication, see the documentation.
Finally, if you can’t wait for a fix from McAfee, here is another solution:
This will remove the patterns that McAfee dislikes from the EXE file. But you’ll have to distribute two files: an EXE and the associated DLL file. You can zip them or package them as a single EXE file installer with Paquet Builder 3.
This same problem is occurring with Avast, which is a very widely used antivirus system. It won’t open the exe file and deletes the file. It checked out my source files and no viruses could be found
I like the features of HTML Executable, but unless this issue can be resolved it makes HTML Executable basically unusable.
Actually someone misused HTMLEXE to create an EXE that triggers these false positives. We’re working with the AV companies to solve the problem. Until that, use the workaround explained above, you won’t get false positives from AV in your EXE file.
We reported the problem to several antivirus companies and received confirmation of false positives each time. Some of them still are slow to respond to the problem. Anyway, in the incoming HTMLEXE 4.9, we introduced a new loading mechanism which should lower false positives for people who don’t have a code signing certificate.