Author Topic: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?  (Read 4243 times)

0 Members and 1 Guest are viewing this topic.

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« on: March 29, 2016, 07:38:31 PM »
Hi,

Downloads of our software installer from our website is blocked by Avast! protection.

Our software installer is  build with NSIS version 3.0b3-1 under MSYS2+MINGW64 shell.

According to www.virustotal.com, Avast! suspect the presence of Win64:Evo-gen (database update: 20160329) in the installer. No problem is detected when checking our software (without the installer).

How to fix this? Filling a false positive form is not possible as our binary is > 10Mo...




Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36760
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #1 on: March 29, 2016, 07:45:00 PM »
Quote
Avast! suspect the presence of Win64:Evo-gen (database update: 20160329) in the installer.
no, as Win64:Evo-gen [Susp] = Suspicious

Submitting False Positive   https://www.avast.com/false-positive-file-form.php

if to big  >>  https://www.avast.com/faq.php?article=AVKB160

Contact avast support  >>  https://support.avast.com/support/tickets/new



« Last Edit: March 29, 2016, 07:48:17 PM by Pondus »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31344
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #2 on: March 29, 2016, 11:39:58 PM »
https://forum.avast.com/index.php?topic=180959.msg1280014#msg1280014

Compile the installer separately in all the compression types NSIS is using and check which one is giving the problem.
I suspect that ZLIB gives the problem.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2197
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #3 on: March 30, 2016, 09:19:01 AM »
Hello,
can you provide the link to virustotal scan results, please?

Thanks,
Milos

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #4 on: March 30, 2016, 08:13:26 PM »
Quote
can you provide the link to virustotal scan results, please?

Here it is:

https://www.virustotal.com/fr/file/cc6a712710eec43d80bc1f8d35c9fa078f8e1d96a72ee812a7234c1f1d723585/analysis/

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #5 on: March 30, 2016, 08:26:57 PM »

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #6 on: April 06, 2016, 11:39:28 AM »
Unfortunately Avast FTP server seems to be broken...

Downloads$ ftp ftp.avast.com
Connected to ftp.avast.com.
220 Welcome on ftp.avast.com.
Name (ftp.avast.com:matthias): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd incoming
250 Directory successfully changed.
ftp> put myname@mycompany.com.zip
421 Service not available, remote server has closed connection
ftp: No control connection for command

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #7 on: April 06, 2016, 06:04:38 PM »
https://forum.avast.com/index.php?topic=180959.msg1280014#msg1280014

Compile the installer separately in all the compression types NSIS is using and check which one is giving the problem.
I suspect that ZLIB gives the problem.

Done: Whatever the compression (zlib, bzip2, lzma) the setup is blocked!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #8 on: April 07, 2016, 01:41:57 PM »
Open the menu Start-> Right click of the mouse->properties->remote settings
Make sure this box is checked
Allow Remote Assistance connections to this computer-> Press OK

not to interfere during the upload process disable resident protection temporarily

http://www.getavast.net/support/turn-off-shields

Download the winscp577.zip portable and save to your desktop
decompress run WinSCP.exe

follow the instructions
https://www.avast.com/faq.php?article=AVKB160
« Last Edit: April 07, 2016, 01:47:57 PM by jefferson sant »

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #9 on: April 08, 2016, 06:34:14 PM »
(...) follow the instructions
https://www.avast.com/faq.php?article=AVKB160

Thanks. It's done: The file has been uploaded to Avast FTP server.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #10 on: April 08, 2016, 11:16:16 PM »
(...) follow the instructions
https://www.avast.com/faq.php?article=AVKB160

Thanks. It's done: The file has been uploaded to Avast FTP server.

Great.If the ticket was created you waiting for response customer service.What is the ticket number (ID)?
« Last Edit: April 08, 2016, 11:39:48 PM by jefferson sant »

Offline matthias.meulien

  • Newbie
  • *
  • Posts: 7
Re: FP: How to fix Win64:Evo-gen [Susp] on NSIS build installer?
« Reply #11 on: April 11, 2016, 12:15:45 PM »
Great.If the ticket was created you waiting for response customer service.What is the ticket number (ID)?

https://support.avast.com/support/tickets/261775