Open lycis opened 6 days ago
I checked a bit further. It seems that it is only the installer that gets flagged, not the installed application itself afterwards.
The installer is created by WiX 3.14 and so is not directly in our control. We have seen AV products flag various installers or uninstallers in the past, through no fault of our own: xref #1608 on NSIS which is one reason we switched to WiX in #1620.
It's not clear what could be done here without further information on where this signature is exactly and whether it's possible to avoid with WiX parameters. The theory would be that some actually malicious program used a WiX-built installer as part of itself and the AV signature looks at essentially the wrong thing, the WiX installer, and now flags any WiX-built installer?
Describe the bug
Windows Defender identifies the severe PUA:Win32/Packunwan threat for DrMemory-Windows-2.6.0.msi.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The installer should not raise red flags with Windows Defender.
Screenshots or Pasted Text
Versions