We encountered a problem when installing our
software based on AutoCAD 2022 OEM. Namely, on a Windows 10 operating system, Microsoft Windows Defender reports the following error message:
Error 225. The operation did not complete successfully because the file contains a virus or potentially unwanted software.
Windows Defender throws an error as the file contains a virus and deletes/quarantined the below file: “…\ x64\EAI\Setup\en-us\MRF\Setup\Setup.exe”
This file is created by the „AutoCAD OEM 2022 - English Installer Wizard“ tool.
Does anyone know this problem?
I honestly don’t know how relevant this file is to our software product. As a workaround, I took the original version of the file directly from the AutoCAD 2022 OEM package. With the original file, the error message no longer appears and the installation seems to have been completed successfully. Now I would like to know if we can use the original AutoCAD OEM file like this and why the AutoCAD 2022 OEM Installer Wizard Tool modifies this file so that the antivirus detects it as a virus.
Thanks for any support.
Sabour,
You may have already gotten past this but just in case you are still struggling with it, or someone else runs into it, the most common reason for Antivirus flagging it during installation is that the “setup.exe” file does not have a “Digital Signature”. If you check the properties of the exe you will more than likely see that the “setup.exe” file your grabbing directly from the OEM package has a digital signature but the one created through the Wizard has it stripped out like you see in the following picture:
In OEM 2023 they have built digital signing into the Wizard so that the setup.exe is signed. You have to purchase an EV or OV Code signing certificate for this as AutoDesk does not supply one.
In the meantime, for OEM 2022, you can manually sign it with your EV or OV Code signing certificate, if you have one, or purchase one for this.
If you have issues signing the “setup.exe” it is probably because the Wizard left a dirty Security Directory in the exe. You can strip out the bad directory in the exe by using a tool to remove it. We use one called “delcert.exe”. After you strip the bad directory from the file you can then use Microsoft’s signtool to sign the file.
Here is an example of the commands we run to clean up the exe and sign it with our Digital Signature:
“C:\Path to delcert\delcert.exe” “C:\Path to setup\setup.exe”
“C:\Path to signtool\signtool.exe” sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a “C:\Path to cleaned setup\setup.exe”
You can automate those or similar commands at the end of your build process so you don’t have to manually run them.
Shawn
1 Like
