Defender flags virus

Hi @FlyingRaccoon and Asobo team,

Version: *SU/AAU/WU 14

Frequency: Consistently

Severity: Blocker

Bug description:

We had to remove our wasm file from our zip we give out to our customers because Windows Defender flags the wasm file as a virus. The MS team told me to report this to you guys for testing. I surely can’t be the only dev now reporting this. The same wasm file in our project is the one from our Cessna 414. So you can test that file. We are hoping you can get Windows Defender to update their software so we can get our file included in our project again.

Update. We have figured out it is NOT the wasm file. Some exe installers when including flight sim XML files or the wasm files will then get flagged from Windows Defender. For now we stopped using an installer. We find this annoying and hope you can reach out to Microsoft as they told us to contact you through this SDK support. This deserves some attention. Never in the years of giving out products to customers using an exe did this happen until now.

Other devs are also reporting this on the Microsoft Forums.

Hi @Flysimware,
What kind of installer are you using? Are these installers signed? Would you be able to send one of these installers to us?
I have to say that when an antivirus decides to mistakenly flag a file, the problem should be reported to the antivirus developer - not the person who developed the application that was used to create the bundled files.
Anyway, I’ll discuss this with our Microsoft contacts when I get more information about these installers.

Best regards,

Eric / Asobo

Hi @EPellissier,

We have tried 2 types of installers.
Setup Factory and Advanced Installer.

Setup Factory we have been using for years with no issues.

Both of these have been around for years. I have never had to sign our software in the past and do not think this will fix this issue.

The last few weeks, if we added the wasm file it flagged. Now if we add a simple XML file it flags. If I use other types of files it does NOT flag.

When we include only the files for our product without the exe to Microsoft Security Intelligence it does not flag. But with the exe it does flag when you have XML or Wasm files included. So I assume Defender made some changes that are causing this.

Hello @Flysimware ,

Yes, it’s possible the recent MS Defender virus signature databases can cause this (unfortunate) side effect. I used to pack products using both Inno Setup and Advanced Installer, and had no virus alert issues, especially with WASM. I can’t give you an opinion with Setup Factory because, although I know about it, I don’t own a license of that software.

Though, I had a third-party antivirus at the time of building my installers, because MS Defender is a headache for me, not to mention that I think it’s a bit unreliable.

I’ll try with an installer I made for my E110 back in 2022, which has a WASM module on it, and check if it’s the virus database or not.

Regards,
Carlos Gonzalez
NextGen Simulations

1 Like

@Flysimware - in your last post you referred to “the exe” - is it the WASM module you are calling an EXE (it is not)? Or do you also include an EXE in your installer?

Best regards,

Eric / Asobo

1 Like

No, I am NOT calling the wasm file an EXE. The EXE refers to the installer itself. The installer is what the user runs and was created from the Setup Factory software.

Hello @Flysimware,

Please accept my apologies for responding to this issue after almost two months; I had little to no time for testing on my environment what I told you in my reply back then:

I scanned my production (live) EMB-110 package, as well as the only WASM module the package has (a digital gauge), using a VMware virtual machine running Windows 11 Pro Insider Preview Build 26080, because I have a third-party antivirus installed on my physical desktop and laptop computers and I disabled Defender on both on purpose. It is running with Microsoft Defender as the main antivirus solution, with up-to-date virus signature database updates. I had no flags, please check the screenshots below:



IMO, I think Defender might trigger such an issue if the WASM module(s) included within the package contain more complex code, or if a third-party WASM-compatible library is embedded within the module. Not to mention that, of course, no software in this world is perfect (antivirus included). On my side, I tested with a simple WASM gauge (which is what my E110 has) and I had no flag alerts, so I can discard issues with the virus signature database, for now. I do not know if this was solved at some point, though.

Regards,
Carlos Gonzalez
NextGen Simulations

UPDATE:

My installer issue is gone. Seems it could be caused by the type of compression used. I found one of my older projects was not getting flagged and it was using different compression settings. Not 100% sure on this, or Defender fixed itself on their end without the need of users updating. So wasm and XML files have nothing to do with this strange false positive I was getting.

1 Like

Umm, I never thought the compression algorithm could cause a false positive issue like the one you experienced. Since I mostly use either the ZIP or LZMA algorithms when packing up my products using an installer, I never had this issue. But, as far as I know (and please correct me if I’m wrong), Setup Factory also kinda “compresses” the installer’s EXE as well, not just the files you include within, for further reduction on file size, so that possibly can be.

Anyway, I am happy to hear you @Flysimware could finally sort that out :slightly_smiling_face:

Regards,
Carlos Gonzalez
NextGen Simulations

1 Like
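
Added example (not posted by any participant in this thread): a pre-release check that records, for each installer build, the SHA-256 hash, the Authenticode signature status asked about above, the local Defender signature version and the Defender verdict, so a false-positive report to Microsoft Security Intelligence can name the exact build. The installer paths and the report file name are constructed placeholders.

```powershell
# Added example: pre-release check for installer builds.
# The two paths below are hypothetical; pass your own with -Installers.
param(
    [string[]]$Installers = @('.\build\Setup_zip.exe', '.\build\Setup_lzma.exe')
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

# Signature database version in use, so results from different days can be compared.
$sigDb = (Get-MpComputerStatus).AntivirusSignatureVersion

$results = foreach ($path in $Installers) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing file: $path"
        continue
    }
    $full = (Resolve-Path -LiteralPath $path).Path
    $sig  = Get-AuthenticodeSignature -FilePath $full
    $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash

    # -ScanType 3 scans a single file; -DisableRemediation stops Defender
    # from quarantining the build while it is being checked.
    & $mpCmdRun -Scan -ScanType 3 -File $full -DisableRemediation | Out-Null
    $verdict = switch ($LASTEXITCODE) {
        0       { 'Clean' }
        2       { 'Detected or scan error' }
        default { "Unexpected exit code $LASTEXITCODE" }
    }

    [pscustomobject]@{
        File        = Split-Path $full -Leaf
        SHA256      = $hash
        Signature   = $sig.Status          # e.g. Valid, NotSigned, HashMismatch
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        DefenderSig = $sigDb
        Defender    = $verdict
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -NoTypeInformation -Path .\installer-scan-report.csv
```

Exit code 2 from MpCmdRun.exe covers both a detection and a scan error, so a flagged row should be confirmed in Defender's protection history before it is reported.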