
AskHN: As developer, avoid .exe to be “File might be dangerous” by antivirus - josephernest
I sell an application that people download from my website, in a zip. They unzip it, and run the .exe.

Then Avast does a deep scan of the file and shows an alert "This file might be dangerous".

How to avoid this?

Things I have tried, that don't solve the problem:

* Have a proper resource.rc file in Visual C++, with details about the .exe: BLOCK "StringFileInfo", VALUE "CompanyName", etc.

* Use makecert, certutil, "signtool" from the Windows SDK

Things that won't work:

* Add to local Avast exclusion (I can't ask every customer to do this!)

* Redo a "Submit file to Avast Lab for scan" for each new build of the .exe. It's not scalable to have to re-submit the .exe to Avast (and all other antivirus software) for each new build.

How do you handle that?
======
al2o3cr
You mention code-signing above, but are you certain it's being done with a
root certificate that the AVs trust?

Hard to troubleshoot otherwise without more detail; are you using any unusual
code-compressing or code-obfuscating in the final binary?

~~~
josephernest
No code-compressing or obfuscating used.

> You mention code-signing above, but are you certain it's being done with a
> root certificate that the AVs trust?

How to do that? What certificate do you usually use / which signing software?

~~~
al2o3cr
Found a reasonable-looking writeup:

[http://www.davidegrayson.com/signing/#choosing](http://www.davidegrayson.com/signing/#choosing)
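
One way to check the question raised in the thread, whether the .exe's signature chains to a trusted root, using PowerShell's `Get-AuthenticodeSignature` (an added example, not code from the thread or the linked writeup; the file name is a placeholder). It evaluates trust against the local Windows certificate stores only, which is an assumption about what matters and does not model any antivirus vendor's own reputation logic.

```powershell
# Added example: inspect an .exe's Authenticode signature and certificate chain.
param(
    [string]$Path = '.\MyApp.exe'   # placeholder file name
)

$sig  = Get-AuthenticodeSignature -FilePath $Path
$cert = $sig.SignerCertificate

if (-not $cert) {
    # Covers unsigned files and signatures that could not be parsed.
    Write-Output "$Path has no usable signer certificate: $($sig.StatusMessage)"
    return
}

# Subject equal to issuer means the signing certificate is self-signed,
# so it is its own root and is trusted only where it was installed by hand.
$selfSigned = $cert.Subject -eq $cert.Issuer

# Build the chain with the default policy against the local trust stores.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)
$root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

[pscustomobject]@{
    File          = $Path
    Status        = $sig.Status           # 'Valid' requires intact hash and trusted chain
    StatusMessage = $sig.StatusMessage
    Signer        = $cert.Subject
    Issuer        = $cert.Issuer
    SelfSigned    = $selfSigned
    ChainTrusted  = $chainOk
    ChainRoot     = $root.Subject
    ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    # Without a timestamp the signature stops validating once the cert expires.
    Timestamped   = [bool]$sig.TimeStamperCertificate
    CertNotAfter  = $cert.NotAfter
}
```

Run it on a clean machine that has never had your test certificates installed: a build signed with a locally created certificate can report `Valid` on the developer's PC and fail chain building everywhere else.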

