When we start the update on Windows from 10.2.2 to 10.2.3 with GEN500000000001220.exe we have a virus alert.
Checksum is OK so it is the original file. When we run it, it is unpacked and one of the files is runme.exe
Alleged Virus information.
34 engines detected this file
Is the file runme.exe which is extracted from GEN500000000001220.exe a threat?
I have discussed this issue with the Cybersecurity team and it was found that since runme.exe is, in turn, calling setupnt.exe, the file is being listed as a threat.
This file just changes the directory and calls the setupnt.exe, so is completely harmless.
cd 10.02.03.00 ./setupnt.exe
This issue can be resolved as follows:
1. Remove the concept of runme.exe and ask the customers to directly install from setupnt.exe/setuplin.exe/setupsol.exe
2. Whitelisting the runme.exe from customer’s side:
If the Windows/Linux executables are downloaded with correct checksum’s provided by us then this file(runme.exe) should be treated as a safe one.
Customers should add the runme.exe in the whitelist and then run the virus scans.