Ok, turning off the Anti Virus completely during installation may solve the problem, but SAPE.Heur.54ba will be on my computer then.
You are assuming that, *because* Norton said there is a virus in that file, it's true. That's the main issue: it's a Norton BUG, there's no virus anywhere inside any of our files.
And as far as I understand, it is a heuristic behavior detection. So the question remains, what the hell is it good for ?
You mean what heuristic behavior detection is good for ? Nothing. It's advertised to be a feature that enables the antivirus to detect new viruses before they are catalogued. In practice, it only increases the chance of false positives.
Or in other words, what is the Installer doing with it ?
Nothing, of course, it's a Norton bug.
And it is not only Norton who are warning to accept this kind of virus.
That's not the case.
Here's the report by virustotal.com on Couatl_Updater.exe file, NO antivirus detects it as a threat:
https://www.virustotal.com/en/file/8d1e2804908945d83a9b2e8c3f13dbc27df9d7a74168f0f566d8fc45cf39035a/analysis/
Here's the report by virustotal.com on Couatl.exe itself, 4 antivirus out of 55 are getting a false positive but, surprisingly, Symantec is NOT one of them:
https://www.virustotal.com/it/file/7322493831eb6ba32a6b8c16452b967b1c089ba2ffe7b2f69602c832cced9e2d/analysis/1418563556/
... once it is executed has the capability of replicating itself and infect other files and programs. These type of malware, called Viruses, can steal hard disk space and memory that slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information ....
If that virus was present, then yes.
If Norton is wrong it should not be difficult to clearly explain the need to have it in order to run FSdreamteam software ?
Of course it's wrong. And no, it's not "easy" to clearly explain to them to fix their bug, BECAUSE of the perverse methodology by which the heuristic search works.
We contacted Symantec MANY times, sending samples of our files many times. Their reply is always the same, following these steps:
1) First, they deny their product detects that file as a threat. In fact, as you can see from virustotal.com, both files, taken independently, are NOT detected as threats by Symantec products.
2) We reply back with an explanation, that our Live Update system *downloads* that file, and all our installers download it too, and the way their bugged heuristic works is that they flag ANOTHER program to possibly be a threat, just because it *downloads* something that once WAS flagged as a threat.
3) They understand, and they reply they'll whitelist the program on their next Live Update.
This usually fixes the issue temporarily, but after a while, they come up with a new update, that finds a new kind of threat, always heuristically of course, because there's NOTHING wrong in the files.
The real reason is BECAUSE our programs are heavily encrypted, in a way that nobody can peek inside them. Surely no automatic antivirus program can figure out what's inside. This protects us AND users as well: would you trust a product that allows you to buy directly in the sim typing your personal details including credit card info, if it WASN'T protected against tampering ?
So, BECAUSE Norton can't see what's inside the file, it assumes it "must" be a virus, based on behavioral patterns: it protects itself against tampering. It downloads something. Then it MIGHT be a threat, because this is what trojan horses usually do.
That's HEURISTICS at work: they don't have the faintest idea what's inside a program, but since it appears to do things that sometimes trojans do, it might be one.
The issue is, since each and every one of our installers downloads the Couatl.exe and the Couatl_updater.exe files, ALL of them might be heuristically detected as threats, so we should probably send several GBs of samples to Symantec EACH time we update something, which is really too time consuming, when it's clearly their own fault.
The only sensible option for users is either:
1) Stop trusting Norton so blindly, and just exclude the files from scanning.
OR
2) Use a more reliable antivirus, one that doesn't require any configuration to begin with. Like the free and always updated one from Microsoft, for example.