[wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

Phill Hogland phill.hogland at rimage.com
Thu Sep 24 05:05:03 PDT 2015

I have this same issue (as posted in the old wix-users forum) with ANY Bundle that is NOT Authenticode signed (on our company network). I have to code sign even the most basic test bundle. Symantec (the owner of Verisign) has decided to flag ANY exe which is not code signed as a "suspicious program". (I wonder why?) I just code sign every bundle to avoid this problem from this particular anti-virus vendor. And I have reported the false positive to Symantec, years ago, with no positive response. They are more motivated to sell a code signing certificate than modify this "feature" of Endpoint Protection.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Tobias S
Sent: Thursday, September 24, 2015 6:12 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

Several ideas around that:
- In such cases I always recommend our customers:
  a) Never run installer from network. Copy them locally
  b) Switch off all Firewalls + AntiVirs during install and reactivate them
again afterwards
- A correctly configured AntiVir should btw be able to detect the WiX
Bootstrapper engine in that case. Otherwise consider sending that stripped
WiX Bootstrapper package test.exe to the antivir resp. firewall vendor.
Burn Packages become more and more popular and so AntiVir and Firewall
Vendors should definitely be able to handle such packages correctly.
- Is the bootstrapper signed with a certificate? This also should help to
reduce the risk of a false positive for other Burn packages

WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
