faq:antivirus-false-positive

Action unknown: addtobook
Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

Anti Virus detects HippoEDIT installer as a virus or malware

It may happen that your antivirus program detects HippoEDIT installer (file hippou_NNN.exe, hippo64_NNN.exe, hippo_NNN.exe) as possible virus or malware. This happens periodically, that one or another antivirus program detect it after new build/release is published. Antiviruses now use heuristic methods to detect new viruses/malware and so normally give you only a guess. It also plays a role in the detection, how many users already executed the file (statistic virus programs collect) and how old is the file. While HippoEDIT updates rather often (new builds), it often happens that the file is young, or there were not too many users already worked with the installer.

HippoEDIT uses NSIS installer for building setup file. And antiviruses actually analyze its code, but not of HippoEDIT. For some builds (without updating NSIS) the result of antivirus may be positive, for another negative. Maybe this is because one program contains another program inside (NSIS installer → HippoEDIT files) or by some other reason.

We periodically send information about false positives to antivirus companies and sometimes it goes through. But in most cases just ignored. And doing this for each build is a rather big effort, without predictable result.

But if you have downloaded the file from HippoEDIT website (www.hipoedit.com) it is most probably a false positive. To verify, that go to Virus Total, upload installer file there and run the check. The installer will be checked by more than 50 antivirus programs and will generate the report. If a majority of programs do not detect problems - you may be sure, your report is the false positive.

Sorry for such inconvenience. We are trying to do and sell a good and it is not in our interest to put some malware inside.

As written, antiviruses using heuristic methods for detection, and a result can be different for same data just repacked differently. If antivirus program blocks the installer downloaded from hippoedit.com download page, try an installer with debug information from the forum: http://forum.hippoedit.com/beta-version-test/. The only difference of this installers - they contain extra files (*.PDB) with debug information used if application crashes. Performance is the same as with standard installer.

Symantec Anti-Virus

The Symantec Norton Antivirus regularly detects HippoEDIT as suspicious software, while they use heuristic detection on “machine learning” technologies, that does not know but just guess. It can be something like “Heur.AdvML.B” or whatever similar. The potential way solve it - whitelist:

But this applies only to single installer file: it shall be repeated with any next build and every installer variant (x86/x64). Sorry, I am not always so far to go and submit it to every AntiVirus provider after each new build :/

Another workaround I see for this case: create a separated download folder, disable checking of it by Symantec Anti-Virus and download HippoEDIT installer to it manually, from the website.