英文:
Windows saying my msi installer is a virus
问题
当我下载我刚刚制作的MSI安装程序时,Windows会因为它被视为“病毒”,而禁用下载,尽管它只是我制作的一个简单的Python应用程序。
有没有办法让Windows信任我的安装程序?也许有一个安装程序扫描器之类的东西?
我找不到相关信息。
英文:
When I am downloading the msi installer that I just made windows disables the download because its a "virus" when its a simple python app that I made.
There is any way to get windows to trust my installer? maybe an installer scanner or something?
I couldn't find anything about it
答案1
得分: 2
就像可执行文件一样,必须对 MSI 进行数字签名,Windows 才能“信任”它。
如果您搜索 windows-installer 标签的“signing”,会有很多问答可供参考,而这份文档可能是一个很好的起点:
Introduction to Code Signing 和 Sign Setup.exe and MySetup.msi
英文:
Just like an executable file, an MSI must be digitally signed for Windows to "trust" it.
If you search the windows-installer tag for "signing", there are lots of Q&A to chew on, and this documentation might be a good place to start:
Introduction to Code Signing and Sign Setup.exe and MySetup.msi
答案2
得分: 0
以下是您要翻译的内容:
A. 像Firefox/Chrome和特别是Edge这样的常见浏览器会在您的二进制文件(EXE/MSI)未使用属于根证书的密钥文件进行数字签名时几乎立即出现警告。这些证书非常昂贵 - 所以从浏览器的角度来看,几乎所有小型开发者都有可能成为潜在的黑客...不要太担心这个问题。
B. 如果您的防病毒软件警告您,或者在线数据库将文件标记为有害,您应该非常小心。尽管可能存在一些误报,而Windows Defender会抱怨某些程序关闭了MS遥测,但这些警告平均而言可以被视为严重。您需要采取以下步骤来防止这种情况发生。
- 使用 www.virustotal.com 验证是否只有1或2个条目,还是有更多的条目,以及罪魁祸首是安装程序(msi)还是安装程序内部的实际游戏。如果您的Python可执行文件被标记为恶意软件,那么打包的msi也将被标记为恶意软件(尽管msi本身是干净的)。
- 永远不要触碰这些文件夹中的文件:“C:\Windows\”,“C:\Program Files\”,“C:\Program Files (x86)\” 以及 “C:\ProgramData”,不要在没有图形界面的情况下使用Python更改这些文件夹中的文件,“%AppData%\Renpy\” 和 “%temp%\”。
- 要小心在短时间内交替修改多个文件,因为这与勒索软件的行为相同。没有人知道您的游戏是否真的无害,他们关注的是在特定时间内更改了多少文件(想想《Doki-Doki Literature Club》,计算机怎么知道这种行为是可以接受的呢?)。
- 为您的游戏提供一个独特的图标(不是开玩笑的)。除了美观且用户喜欢外,它还会越来越不同于在线可以找到的大量恶意EXE文件。
- 对于文件描述、版本号、公司名称等等都是同样的原因 - 这样做可以提高您的可执行文件的声誉,不容易被标记为恶意软件。
- 不要运行隐藏的外部程序或抑制GUI或控制台窗口。这非常可疑,黑客通常会这样做。如果存在这些情况,请将它们全部剔除出您的项目。
- 如果不考虑财务成本,我建议每个人都从被添加为受信任的根证书的权威机构获取文件证书。使用这样的 .pfx 文件对文件进行签名就像是一张身份证,可以最大程度地减少误报。甚至UAC横幅也会变成蓝色,并告诉您一切都没问题。
之后再次使用 www.virustotal.com 进行验证,现在应该会减少条目。
英文:
You have to make difference:
A. Warning from common browsers like Firefox/Chrome and especially Edge are almost present as soon your binary (EXE/MSI) isn't digitally signed with a key file belongs to a root certificate. These certificates are very expensive - so in this way almost all little developers would be potential hackers from the point of view of browsers... Don't worry about it too much.
B. If your Antivirus warns you or online database know the file as harmful you should be very carefully. Though there might exist some false positives and Windows Defender complains about programs turning off MS telemtry, these warnings can be considered as serious on average. You have to do the following steps to prevent that.
- Verify with www.virustotal.com whether its only 1 or 2 entries or significantly more and whether the culprit is the installer (msi) or your actual game inside the installer. If your python exe is marked as malware, your packed msi will be too (though msi is absolutely clean).
- Never touch files in folder like these: "C:\Windows", "C:\Program Files", "C:\Program Files (x86)" and also not in "C:\ProgramData" without GUI. When using python limit changes to your game/save folder, "%AppData%\Renpy" and "%temp%"
- Be carefully with alternate multiple files in a short time as its the same behaviour like Ransomware has. Nobody knows your game is really harmless or not, they focus on how many files got changed in a specific amount of time (think about Doki-Doki Literature Club, how should computers know these behaviour is ok?).
- Give your game an individual icon (no joke). Besides its nice and the users are happy, it differs more and more from mass EXE files that are indeed malware can be found online.
- Same reason for file description, version number, company name ans so on - your exe earns reputation this way and won't flagged as malware so easily.
- Don't run hidden external programs or suppressing GUI or console window. Thats highly suspicious and the way hackers would do. Cut out all of them in your project if exist.
- If not for the financial cost, I'd recommend everyone to get a file certificate from authority added as trusted root certificate in windows. Signing files with such .pfx file is like a identity card and decreases false positive the most. Even the UAC banner becomes blue then and tells everything is ok.
After that verify with www.virustotal.com again, the entries should become far less by now.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论