I tried to download trial and McAfee Virus checker flagged it for virus

arcman · October 10, 2024, 6:32pm

I tried to download trial and McAfee Virus checker flagged it for virus. Can you please advise?

arcman · October 10, 2024, 6:35pm

File flagged was Arrangerking-Win.exe
item was
ti!4a37831a0f8a

fritslyneborg · October 10, 2024, 7:48pm

Phew… The best advice I can give here is to not use McAfee but use Window’s own Defender (built-in to Windows 10/11), enable Real-time Protection.

Many people (including the late John McAfee, author of the program) argue that it in itself is a virus.

When a small company release an installer, we can chose to pay for a Microsoft validation, and I have done that with ArrangerKing. As you may see, it is signed.

However, because of the relatively small volume, and the relatively high software update rate, Windows signing system cannot keep pace, so windows will still give a popup like a blue or purple “Windows protected your PC” or something, and you have the option to click “more information” or something, and then “install” or something like that.

I presume because of this, McAffee flags the software.

When you download it, it is build on GitHub without any developer’s machine being in contact. It is very unlikely that it can be infected.

I’ll try and poke to Microsoft and ask if they could please speed up with their validations, that’s the best I can do. And assure you that I have not heard from anyone else that any anti virus reacted.

fritslyneborg · October 10, 2024, 7:52pm

Well… this is the advice I get:

… facing an issue with Windows SmartScreen warnings despite having your software digitally signed. Even with a code-signing certificate, SmartScreen can still flag new software because of a lack of reputation, which builds over time as more people download and use the application.

Here are a few steps to help mitigate this issue:

Build Reputation Over Time: SmartScreen relies on a reputation system that improves as more users download, install, and run your software. Encourage users to proceed with the installation despite the warning, as this will gradually increase your software’s reputation with Microsoft.

fritslyneborg · October 10, 2024, 7:55pm

If you get a popup and you ask for “more information”, and it has this on it, you are good:

That’s the digitally signed (very expensive) Microsoft signature on the software. And as written, it is build with no human involved automatically on Github, fresh to your download

fritslyneborg · October 10, 2024, 8:18pm

Sorry for the long answer here, but now I managed to also submit the file again to Microsoft, I hope they will speed up

arcman · October 10, 2024, 8:51pm

Thanks for your reply. Please advise McAfee to remove their scan results.

fritslyneborg · October 11, 2024, 3:30pm

Done, they say it may take some days… I send them your code, thanks for the details.

arcman · October 11, 2024, 4:15pm

Great! Thanks for doing that.
McAfee is a popular product, and I do not get many false positives from it. I have 70 plugins on my Cubase Pro setup, and have not had any red flagged before.
It will help other customers who are trying to download your product.

fritslyneborg · October 12, 2024, 12:28pm

Ta-Dah!!

arcman · October 12, 2024, 3:40pm

Great! Thank you very much!