Hey guys,

I'm making my first Windows service in C#, at the moment a pretty innocent looking thing that doesn't do anything yet.

However I find when I try to install it, either using a standard Setup project in Visual Studio, or using the simple "self-installer" outlined here, our company's antivirus won't allow installation because it is a "suspicious looking service" (HIPS/RegMod-013).

Now, this doesn't happen with services that come in every other third-party service I've installed. What could it be about my service that probably makes it look suspicious? I tried signing the assemblies as well (just using a VS-generated key file), but no luck.

Anyone else experienced this? Any ideas?

A: 

According to the SOPHOS site it is up to you whether or not it is going to continue installing. As this is picked up by the SOPHOS behavioural engine I wouldn't think that there would be a way around it, except for stopping SOPHOS during the install.

You could of course try a different Anti-virus program, or if this isn't an option then just include the SOPHOS screen in your release/install instructions.

David McEwing
Yeah, I'll do that as a last resort. But there must be something about my service that makes it look like malware, that every other service on earth doesn't have. And considering it does nothing I thought maybe something in the assembly properties or security or something.
Gavin Schultz-Ohkubo
Maybe. It might be as simple as a vendor whitelist SOPHOS maintains.
Michael Petrotta
Maybe SOPHOS have updated their engine recently.
David McEwing
A: 

What's your OS? I guess it is because of your anti-virus software; maybe you can change the setting. Try.

cjjer
Vista. But as I said, everything else I've installed on this machine, including things with services, doesn't have this problem. So while I'd like to blame over-eager anti-virus software, I'm not convinced.
Gavin Schultz-Ohkubo
Did your service application visit the internet and do something? I did a service with some internet exchange, and the anti-virus threw .... or something, I don't know. Sorry..
cjjer
+2  A: 

Probably the first course of action is to submit your file as a false-positive and ask them (us) to look at it. Mention that you're developing the file, and would like to know what triggered the alert, and they might tell you.

Otherwise look at what registry changes your service is doing.

Douglas Leeder
+1  A: 

I've not had the issue with my own services (we also use Sophos in our organisation) but I have seen it when installing certain programs such as Folding@Home.

It does seem to relate to changes made to the registry since Folding@Home stores certain data in the registry, yet my own Windows services change the registry and don't have this issue. I'd go with Douglas's suggestion of submitting it to Sophos and see what they say.

RobV
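
One way to act on the suggestion in the last two answers to look at what registry changes the service install makes, as an added example that is not part of the thread. It assumes the install is done on a test machine with the antivirus prompt allowed, and that the interesting changes land under `HKLM:\SYSTEM\CurrentControlSet\Services`, where Windows registers services; the function names are made up for this example.

```powershell
# Added example: snapshot a registry subtree before and after installing the
# service, then list every key and value that was added, changed or removed.
function Get-RegSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $snap = @{}
    if (-not (Test-Path -LiteralPath $Path)) { return $snap }
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $snap[$key.Name] = '<key>'
        foreach ($valueName in $key.GetValueNames()) {
            # Read the raw data so REG_EXPAND_SZ values compare as stored.
            $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
            # ' :: ' separates key path from value name so a value cannot
            # collide with a subkey of the same name.
            $snap[$key.Name + ' :: ' + $valueName] = ($data | Out-String).Trim()
        }
    }
    return $snap
}

function Compare-RegSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($name in ($After.Keys | Sort-Object)) {
        if (-not $Before.ContainsKey($name)) {
            [pscustomobject]@{ Change = 'Added'; Item = $name; Data = $After[$name] }
        } elseif ($Before[$name] -ne $After[$name]) {
            [pscustomobject]@{ Change = 'Modified'; Item = $name; Data = $After[$name] }
        }
    }
    foreach ($name in ($Before.Keys | Sort-Object)) {
        if (-not $After.ContainsKey($name)) {
            [pscustomobject]@{ Change = 'Removed'; Item = $name; Data = $Before[$name] }
        }
    }
}

# Assumed location: the subtree where Windows registers services.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$before = Get-RegSnapshot -Path $servicesRoot
Read-Host 'Install the service now, then press Enter'
$after = Get-RegSnapshot -Path $servicesRoot
Compare-RegSnapshot -Before $before -After $after | Format-Table -AutoSize -Wrap
```

Running the same comparison around the install of a third-party service that is not flagged gives a baseline to compare against; any difference between the two lists is a candidate for what the behavioural rule reacted to, and is useful detail to include in a false-positive submission.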