On Tuesday, 11 October 2016 at 06:09:03 UTC, Thomas Mader wrote:
> I worked with NSIS and InnoSetup. InnoSetup is much cleaner and easier.
> At work we switched from NSIS to InnoSetup and we create MSI packages from NSIS and InnoSetup packages IIRC.
> I think it's better to go with InnoSetup because it might be more easy and probably more powerful than building MSI directly. But I don't have any experience with building an MSI installer and the feature set of MSI.
> We are also signing the installer and all exe and DLLs inside.

I was right. We create the MSI package out of the InnoSetup executable with a minimal xml config for WiX.

On Tuesday, 11 October 2016 at 01:37:55 UTC, Martin Nowak wrote:
> Whatever makes more sense. From my very limited understanding .msi installers are natively understood installers in Windows, and the weapon of choice for robust and more professional installers.
> If innosetup is just another NSIS like tool, it might not solve all our problems.

InnoSetup is like NSIS in that it builds an .exe that does the file copying, registry writing, downloading, executing, and so forth. MSI packages are "executed" by the MSI engine built into the OS -- the logic is in the OS, the data is in the MSI package.

> We're fairly clueless here and could really use help here.
>
> Just signing the NSIS installers could work for now, any support for this hypothesis.
> I tried to submit the latest release as sample to Microsoft but their file upload had a size limit smaller than the binary.

Getting past the antivirus gauntlet is mostly about (1) signing and (2) submitting installers until they get tired of blocking you. The two go hand-in-hand because it's basically building up a history of trusted behavior.

I don't know that NSIS is any worse or better than Inno about triggering antivirus. If that's your primary goal, it might not be worth a big porting job.

Bob (co-BDFL, WiX toolset, http://wixtoolset.org/, https://www.joyofsetup.com/)

On Wednesday, 12 October 2016 at 06:39:05 UTC, Thomas Mader wrote:
> On Tuesday, 11 October 2016 at 06:09:03 UTC, Thomas Mader wrote:
>> I worked with NSIS and InnoSetup. InnoSetup is much cleaner and easier.
>> At work we switched from NSIS to InnoSetup and we create MSI packages from NSIS and InnoSetup packages IIRC.
>> I think it's better to go with InnoSetup because it might be more easy and probably more powerful than building MSI directly. But I don't have any experience with building an MSI installer and the feature set of MSI.
>> We are also signing the installer and all exe and DLLs inside.
>
> I was right. We create the MSI package out of the InnoSetup executable with a minimal xml config for WiX.

That's not an MSI installer, it's an Inno installer wrapped in an .msi package. It doesn't solve false antivirus positives because the antivirus engines simply monitor the Inno installer getting extracted and executed.

http://imgur.com/5DnCWYw

One of our guys just tried compiling and running a simple Hello World program. F-Secure jumped right in.

Code signing the compiler isn't enough. It's been a persistent problem around here with DMD generated binaries that F-Secure will pick it up. Needless to say, if this happens out in the wild with one of our games you won't want me to paste a single line from the feedback we'll get about the game not working.

Turns out we have some good contacts at F-Secure though. So I can see about getting the problem fixed at the detection level - and because of the way the security community operates, that knowledge should flush across to things like Windows Defender.

On 11/3/16 7:34 AM, Ethan Watson wrote:
> Turns out we have some good contacts at F-Secure though. So I can see
> about getting the problem fixed at the detection level - and because of
> the way the security community operates, that knowledge should flush
> across to things like Windows Defender.

That would be awesome. Thanks! -- Andrei