
When I make self-extracting files in WinRAR with the 64-bit SFX module, Windows Antivirus always detects them as a virus.

Anonymous
2023-12-09T23:32:51+00:00

It always detects it as a virus, even when I am creating a self-extracting RAR archive with an empty plain text file. As for where I got it, WinRAR came directly from their official website, https://www.winrar.es

Certainly, there is a solution to the problem: you can use the default SFX module, which is always 32-bit.

But adding an exception for each self-extracting file made with the 64-bit module is certainly a hassle.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

  1. Rob Koch 25,875 Reputation points Volunteer Moderator
    2023-12-11T22:43:11+00:00

    Vulnerability doesn't mean anything specific on its own; it just means something about the item (SFX in this case) is vulnerable to some form of abuse.

    In this case it appears that SFX can be manipulated by malicious actors in order to perform PowerShell and possibly other operations on systems where the self-extracting executable files it creates are run. In the examples I briefed through, these were relatively severe things that could damage or aid in remotely taking over your system. Read the articles for more; I didn't truly care, since I'd never experience this on my own Windows 10 in S Mode system, since it can't run legacy executable file formats, which is why it's so secure.

    Rob

    1 person found this answer helpful.

7 additional answers

  1. Anonymous
    2023-12-11T16:26:36+00:00

    I see it as very reasonable, although it could be better, but as it is a free antivirus, that is going to do.

    But it certainly could be better, but this doesn't seem to be something they specialize in.

  2. Rob Koch 25,875 Reputation points Volunteer Moderator
    2023-12-11T08:06:33+00:00

    Though it's only speculation, the following may be the reason for the detection, especially if Microsoft has simply decided to detect all such self-extracting archives created with SFX as potential malware in order to warn users that they may contain undetectable malware.

    WinRAR SFX archives can run PowerShell without being detected

    Seems like a valid reason to me, since the typical user wouldn't have any idea whether the archive was created with SFX or for that matter even with WinRAR and if it's being abused for malicious purposes, that may be the only warning of potential risk they receive.

    Rob

  3. Anonymous
    2023-12-11T02:56:42+00:00

    So a false positive from the antivirus has nothing to do with it?

    If I use another antivirus like Kaspersky, it doesn't say I have a virus.

  4. Anonymous
    2023-12-11T02:47:50+00:00

    Hello,

    Thank you for using Microsoft products and posting to the community.

    Based on your descriptions, since the SFX module in WinRAR is a third-party program, you need to contact the software developers for further assistance. (The link provided is in English.)

    Disclaimer: Microsoft provides no assurances and/or warranties, implied or otherwise, and is not responsible for the information you receive from the third-party linked sites or any support related to technology.

    Thanks for your patience and understanding.

    Best Regards,

    Johann - MSFT | Microsoft Community Support Specialist
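
For triaging a flagged self-extractor, the following added example (not part of the thread and not WinRAR's or Microsoft's code) reads the PE header to tell whether a file uses the 32-bit or 64-bit stub that the question distinguishes, and locates the RAR archive appended after the last PE section. The names `inspect_sfx` and `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

# Markers that start a RAR archive (RAR 5.x, then RAR 1.5-4.x).
RAR_MARKERS = {b"Rar!\x1a\x07\x01\x00": "RAR5", b"Rar!\x1a\x07\x00": "RAR4"}
# IMAGE_FILE_HEADER.Machine values for the two stub builds.
MACHINES = {0x014C: "32-bit", 0x8664: "64-bit"}


def inspect_sfx(data: bytes) -> dict:
    """Return stub bitness and the offset of a RAR archive appended to a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header: not a Windows executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(data):
        raise ValueError("PE signature missing")
    machine, nsect = struct.unpack_from("<HH", data, pe + 4)
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size                              # section table
    overlay = table + 40 * nsect
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData of each 40-byte section header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        overlay = max(overlay, raw_ptr + raw_size)
    # Bytes past the last section form the overlay, where an SFX keeps its
    # archive. Searching from there skips marker bytes inside the stub itself.
    hits = [(pos, name) for sig, name in RAR_MARKERS.items()
            if (pos := data.find(sig, overlay)) != -1]
    offset, fmt = min(hits) if hits else (None, None)
    return {"stub": MACHINES.get(machine, hex(machine)),
            "archive_format": fmt, "archive_offset": offset}


def build_sample(machine: int, payload: bytes) -> bytes:
    """Constructed test input: a minimal one-section PE image plus overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0)
    section = b".text\0\0\0" + struct.pack("<IIII", 0, 0, 0x20, 0x80) + b"\0" * 16
    # The 0x20-byte section body holds a decoy marker that must be ignored.
    code = b"Rar!\x1a\x07\x00" + b"\0" * 25
    return dos + coff + section + code + payload


if __name__ == "__main__":
    print(inspect_sfx(build_sample(0x8664, b"Rar!\x1a\x07\x01\x00" + b"\0" * 8)))
```

A file that reports a stub bitness but no archive offset is an ordinary executable rather than a RAR self-extractor.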
