Antivirus false positive - signing certificate (SOLVED)

I think, you must tell people that they must pay for signing certificate after the buy your software (HTMLexecuteable) and its price is hundreds of dollars (and hours, and paperworks …).

My customers ask me - why their antivirus software alert them. They think my software (exe compiled with HTMLexecuteable) is infected with virus. This undermines my reputation. But I don’t want to pay for signing certificate.

When I compile web page with eBook Pack Express - there is no problems with antivirus softwares. It’s software similar to yours but with less potentiality.
When I make an exe file with Visual Basic 6 or MS Visual Studio .NET - there is no problems with antivirus softwares.
Only exe files compiled with HTMLexecuteable are problematic. I think you could make your software to compile non-problematic exe files (if you want…).

(I could send you eBook Pack Express to see that I’m not lying).

If you get a false positive, you can also report your problem to the antivirus company so that they will fix their signatures.
You could also post the antivirus name in this forum, like others did.

False positives are common with antivirus programs. See:

Yes, buying a certificate can help: a certificate can cost hundreds of dollars like you said, but you also have vendors that sell certificates for less than $100 per year.

I think I have found the possible reason why some antivirus programs trigger false positives: EXE files produced with HTMLExe use some security features against crackers. We could remove them, but would you be OK if we remove these security features from your EXE files?

[quote=“gdgsupport”]If you get a false positive, you can also report your problem to the antivirus company so that they will fix their signatures.
You could also post the antivirus name in this forum, like others did.

False positives are common with antivirus programs. See:

Yes, buying a certificate can help: a certificate can cost hundreds of dollars like you said, but you also have vendors that sell certificates for less than $100 per year.

I think I have found the possible reason why some antivirus programs trigger false positives: EXE files produced with HTMLExe use some security features against crackers. We could remove them, but would you be OK if we remove these security features from your EXE files?[/quote]

Avast, PCTools and Norton (by Symantec) trigger false positives (I make a test with http://www.virustotal.com Result: PCTools - HeurEngine.ZeroDayThreat; Symantec - Suspicious.MLApp).
It would be nice, if we have two options (with protection against crackers and without protection ). In my case, I’m using the program like a browser (all files are on remote server). I don’t need protection against decompiling and I don’t use features like password protection…
Add option to turn off these protection features in the next reslease, if it’s not to complicated for you. I think it’s a good idea.
Because users are suspicious and who can blame them?

I’ll see but I can’t guarantee anything. In your test results, “heuristic” or “suspicious” words appear so it seems that your program is just “suspicious”. End users could also blame their antivirus program: companies could make a difference between real threats and suspicious cases only based on some sort of guess.

Version 4.1.0 (December 22nd, 2011)

HTML Executable now generates real stand-alone EXE files. Previously, the runtime module was only merged into the EXE file and it was unpacked to the temporary folder at runtime. This behavior was misinterpreted by some antivirus programs.

This is great, thank you guys, you are awesome!
You save me a lot of money for Code signing certificate and paperworks.
Merry Christmas :slight_smile: !!!

Oh no,
the fcking Avast Antivirus wants to start the exe file in its fcking sandbox.
I’ll email to these incompetent guys and will ask them - what’s their f*cking problem.
Anyway Merry Christmas!

Great. Merry Christmas to you too.

I know why some antivirus programs get false positive.
The reason is that HTMLEXE attaches compressed html files to another exe. It’s seems like an infected exe file for that reason.
You have to change something in this attaching method. There is no matter that I have a signing certificate or not.
SOOOORRY for my English.

Please post the names of these antivirus programs. I don’t think it is the attaching method, because any setup program tool or SFX tool uses it… Maybe it is more related to the EXE structure.

The result for compiled exe (it is compiled with HTMLEXE 4.1):

https://www.virustotal.com/file/711f8e9ecdba35e38ce31cfef37f9dd16881628b661e9756b9b8dcdc838df6eb/analysis/

It is suspicious for Avast (it tested on my system).

When you click on the link you provide, there is no result for Avast.
For the others, it looks like 3 of them share the same signatures… I’ll see whether it triggers the problem with other publication samples.

I said that I tested HTMLEXE with Avast on my system, not with virustotal.
Avast wants to open the EXE in its vitrual box (this means that the EXE file is suspicious for some reason).
Avast is free, you could try, if you want.

Well, I’ll see whether we can contact Avast. Maybe they will be able to fix the problem based on the EXE structure…

I just run a test on virustotal and got no positives:

https://www.virustotal.com/file/5a7ee1c006528e4d0e7fa98f47efb972b0b3dc992f1d08fb8542a78df60f1d2d/analysis/1329338812/

This is a file I built last week with HE4.1. It seems that there are no issues.

Charco

[quote=“charco”]I just run a test on virustotal and got no positives:

https://www.virustotal.com/file/5a7ee1c006528e4d0e7fa98f47efb972b0b3dc992f1d08fb8542a78df60f1d2d/analysis/1329338812/

This is a file I built last week with HE4.1. It seems that there are no issues.

Charco[/quote]

I’m agree,
I run a test too, no positives now:
https://www.virustotal.com/file/0b2c64fb3bc8351ee60f739ccd1a760b643eb23dec2e4b915e8aa058ba969f5d/analysis/1329340635/

Only problem is now, that Avast wants to open the EXE in its vitrual box and we are ready to go … :slight_smile:

Have you tried to contact Avast too? If several persons contact them about the same subject, they will be more willing to solve that problem…