One of our customers tried installing our Windows Application on one of their
computers and their antivirus software complained. They in turn complained to
us, so we had to find a solution. I am documenting the solution here.
Possible Causes
Antivirus engines may find a certain file suspicious for many different
reasons. The most obvious reason is the file containing a byte pattern which
has been encountered in some known malware. Unfortunately, this does not
necessarily mean that the file is infected; it may simply be a coincidence.
Furthermore, many other checks performed by antivirus engines tend to fall
well within the spectrum of paranoia. It appears that some particularly
paranoid antivirus engines will flag an executable as malware simply because
it has not been code-signed or strong-name-signed, or because it has undergone
obfuscation. Our application checked both of those boxes. Your mileage
may vary.
How to Troubleshoot
The first problem that you are likely to run into when troubleshooting issues
of this kind is how to tell whether your application is passing antivirus
checks or not. Obviously, the antivirus suite at the company that I work for
was not finding anything suspicious with our application, or else we would
have certainly noticed; however, a couple of antivirus suites that our client
was running were taking issue with it. I did not have access to the antivirus
suites that our client had, and even if I could somehow get my hands on them,
I would not be able to install them on my machine, because the antivirus suite
which had already been installed on my machine by our IT department played god
and did not allow me to touch it.
Luckily, there is a website that provides a solution to the problem. It is
called virustotal.com, it aggregates a large number of antivirus engines, and
it allows you to upload an executable and see what all these engines think of
it. It is quite famous in the security community.
Unfortunately, checking an application with virustotal.com is not an exact
science, for many reasons.