Conflict between html Executable and Trend Micro (SOLVED)

Conflict between trial version of html Executable and Trend Micro?

Running Windows XP Pro SP3

I trialled html Executable a while ago and decided to revisit it. Downloaded version 4.1.
Previous trial worked well - which is why I decided to have another look and then buy the software.
However, I have come across a serious issue that I would like to understand before I proceed with purchasing html executable:

I built a trial book using a simple html website template as the source files. The book (test.exe) compiled, but when I tried to run it the following happened:-

html Executable trial banner loaded. I selected OK and then my Trend Micro Titanium Max security software flagged test.exe as Suspicious and terminated the file. The Trend log showed it terminated the file because of “Unauthorized Change PRevention.” Detected Resource or Process ID: ZwCreateMutant.

I added test.exe as an allowed file in Trend Micro and re-ran the file. test.exe then opened and perfomed as expected, however, after having run test.exe, none of my browsers would connect to the internet. The only way I could connect to the internet was to reboot my computer.

After the reboot, I could connect to the internet. I ran text.exe again and the same issue repeated - neither Chrome nor FireFox would connect to the interner. Reboot - all OK again.

Stage2:

Compiled a new book (test2.exe) using a different html website template as a set of simple sournce files. test2 complied OK.

When I tried to run it, Trend Micro flagged it as suspicious and terminated the execution of the file. Same Trend log as for test.exe - terminated the file because of “Unauthorized Change PRevention.” Detected Resource or Process ID: ZwCreateMutant.

Any help on resolving this would be appreciated.

It looks like a false positive of your Trend Micro program (see http://en.wikipedia.org/wiki/False_positive#Malware => false positive). Have you tried to contact them so that they can fix their signatures?

Hi,
I’ve had a similar problm with Norton 360. I also have a further problem that when I publish, all the images are missing?
I tried updating the executable program to the latest version, with exactly the same issues.
I have tried using a competitors product and that has similar issues except it reports there is a problem whereas Excecutable says the fle has been succesfully created?
There has been a Windows 7 update, so could the problem lie there?
I have reported this using the normal nethods but I have not had any response yet.
This problem is happening on separate computers with fifferent operating systems, so I’m sure others must be experiencing problems.
Any help appreciated,
Kind Regards,
Tom

We lack information about the project you’re creating: how are your images embedded in HTML code? Could you please post a sample page with HTML code so we can reproduce the problem?
Others may not get the same problem because it depends on the way you created your website and added image files…

Hi,

I contacted Trend Micro by phone and talked to one of their support people.

It appears that the problem is coming from Articulate Engage, I moved the folder and now there is a confusion regarding the root file. I will delete and retry, thanks for getting back to me! It is appreciated,
Kind Regards,
Tom

Could you please tell me how you have reported this issue to Trend Micro? Did you use
http://subwiz.trendmicro.com/SubWiz/Wizard.asp?opgWizard=7 ?

We are taking care of false positives from antivirus programs, the problem is that some antivirus companies do not recognize that the problem lies in their antivirus program.

If you are worried about your customers, you could post a note on your website about Trend Micro and the fact that their software detects a false positive in your ebook. You could also post your ebook file to http://www.virustotal.com and show to your customers that other antivirus programs do not detect something.
For instance, see https://www.virustotal.com/file/d3b25c2b755f2f4cfd0ea381f631c571a2391c1d099da45a5ca086b37efefa90/analysis/1329829296/
Detection ratio: 0 / 42, even TrendMicro…

Dear G.D.G Software support team,

Of course, Trend Micro simply threw the problem back as an issue with HTML Executable, so I can go round that loop for ever. You say it is a false positive and Trend Micro have to change their signatures, and they say it is an issue with your software and I should contact you.

As Trend Micro is one of the more common and popular anti-virus protections, this is still a cause for concern. It means that if I distribute a book generated with html Executable and a customer uses Trend Micro protection, I have to instruct them to disable this setting in their anti-virus software:

“Check if programs try to make unauthorized changes to systems settings that could threaten your security.”

If this default setting is disabled, the html Executable .exe will run unhindered.

The implication being, that the (book.exe) is trying to make unauthorized changes to the customer’s security settings. This would worry me as a customer and I am sure it would concern others too. Why should they reduce the level of security on their system just to run a book produced by html Executable. I fear people asking for their money back! And some bad press for the author selling books that demand a reduction in the customer’s system security in order to run!

Perhaps it would have more weight if someone from G.D.G Software took this up with Trend Micro, rather than leaving it up to a customer to sort out. I know that if I were in G.D.G SOftware’s shoes and this was reported to me I would certainly be hurrying to sort out the issue.

Best wishes,

James.

OK. I’ve found a way to contact Trend Micro but first I need to know:

  • does this error happen with any EXE you generate?
  • could you please test the EXE files that come with HTML Executable (hehelp.exe in the Documentation subfolder or hehvdemo.exe in the Samples subfolder)?

The error you described may appear in some specific case only, as for instance, trendmicro on virustotal did not trigger any false alarm…

Hello,

Well - I have some good news for you, after the latest virus updates it would appear that this problem has been resolved, which suggests Trend Micro listened after all. However, I will test this out over a few days just to make sure. For your info, the problem occurred with any exe output I generated and also with your sample book Peter Pan. However, it did not affect hehelp.exe or hehvdemo.exe.

I appreciate your attention to this concern I had.

Thank you for the follow-up!