I recently observed that Setup files created with WinRar have a high false positive detection rate from antiviruses.
Here are the conclusions of some test I made, in order to reduce the false positive rate:
RAR version SFX module Detection ratio
WinRar 3.11 32bit 1/66
WinRar 4.2 32bit? 3/66
WinRar 5.50 32bit 6/67
WinRar 5.50 64bit 1/67
Notes:
The detection ratio is not affected by the 32/64 bit version of WinRAR program at all.
However, it is strongly affected by the SFX module used.
The test file created with WinRar was named Setup.exe and it contained a single URL file in it.
In one test, the Setup file was packed with UPX. This reduced the detection ratio from:
8 false positives to only 4
6 false positives to 6 (no reduction), in other case
A program built in Delphi raises more false positives if the ‘Compiler optimizations’ is on.
Using WinRar 5.71 64-bit is giving me a very high detection, which is how I found this list. Trying WinRar 3.11 worked for me. Thank you.
Also I noticed that hiding the extraction dialogs will increase the false positive detection rate. With Zip 64bit and WinRAR 6.02 while keeping the dialogs on, I was able to create a SFX that will unpack my small program to a temp location and execute an exe together with its dlls while achieving a detection rate of 0/66. The only downside is that now on launch the extraction dialog will show up for a second, but that is not really a problem.
I also tried ILMerge, Costura.Fody and 7zip and they all created false positives.
I like your all post. You have done really good work.
Thank you for the information you provide, it helped me a lot.
/winrar-crack-free-download-latest-version