asciidocfx / AsciidocFX

Asciidoc Editor and Toolchain written with JavaFX 21 (Build PDF, Epub, Mobi and HTML books, documents and slides)
http://www.asciidocfx.com/
Apache License 2.0

Installer detected as malware, false positive? #347

Closed jmiserez closed 6 years ago

jmiserez commented 6 years ago

The Windows installer is detected by as ransomware/malware during install. Usually I'd just assume it to be a false positive, but the reason given is strange: the install/uninstall writes encrypted data to a file "TmEncryptTemp.000". I got the installer from https://github.com/asciidocfx/AsciidocFX/releases/download/v1.5.9/AsciidocFX_Windows.exe (via https://www.asciidocfx.com; the downloaded file was effectively served from https://github-production-release-asset-2e65be.s3.amazonaws.com)

What is the role of the file TmEncryptTemp.000 during the installation process?

EDIT: Other Install4J-based installers (SoapUI) don't write such a file.

rahmanusta commented 6 years ago

Hi @jmiserez, the installer is generated by install4j but I didn't get the message before as you said. Which software analyzer gives this message? What is inside of this data? @ingokegel do you have any information about it?

ingokegel commented 6 years ago

The installer would not write to a file TmEncryptTemp.000 unless you have such file names in your distribution tree.

jmiserez commented 6 years ago

After some more googling, I think it's probably a false positive. TrendMicro (the virus scanner) encrypts all files it quarantines, and seems to name them TmEncryptTemp.xxx (Tm as in TrendMicro?). I don't know what part of the installer sets TrendMicro's "anti-ransomware heuristic" off, but it may just be the unzipping/unpacking/decompression.

If it installs clean on your machines, I think we can close this issue. Apologies for the confusion.