NSIS False Positives

From NSIS Wiki

There are hundreds of false positive made with NSIS. This page contains a list of some of them.

Does NSIS Contain a Virus?

No. NSIS is open source and you can check for yourself. Some people sadly use NSIS to distribute their malware. Even though most modern anti-virus vendors know how to extract and scan files from NSIS installers, some of them still generate signatures on the installer stub itself instead of the files in it. This causes a false positive on multiple installers generated using the same version of NSIS. This is a bug with the anti-virus and they normally fix it pretty quickly once reported back to them. It's like finding a virus in a zip file and marking all zip files as viruses as a result.

What Can I Do About My Installer?

  1. Report the false positive to the AV vendor.
  2. Sign your installer. There have been reports it helps.
  3. Compile your own version of NSIS with some modifications to avoid the signatures.

How Can I Help?

The following steps should be done for NSIS installer and the ZIP file. You can also perform them for your own installer.

  1. Upload NSIS to VirusTotal
  2. Go to the Community tab (example for 3.03) and vote as safe
  3. In the detection tab, notice which vendors have a false positive
  4. Use this list to notify each of them of the false positive
  5. Use False Positive Watch to get notified of changes to VirusTotal
  6. Repeat the process when there is a new false positive

NSIS Virus Checker False Positives

Bolded entries are still detected by the AV!

  1. McAfee - Apr 16, 2016 to May 2, 2016
  2. AntiVir - Sep 26, 2011 (see Virustotal results from Sep 26, 2011)
  3. Symantec 2011 - Sep 26, 2011 (see Virustotal results from Sep 26, 2011). Fixed on Sep 29, 2011
  4. Sunbelt - Dec 9, 2009 (see Virustotal results from Dec 22, 2009)
  5. McAfee VirusScan (DAT Version 5797) - Nov 9, 2009
  6. Sunbelt - June 5, 2009 (see Virustotal results from June 5, 2009, June 13, 2009)
  7. Vipre - May 11, 2009
  8. Symantec Enterprise - Oct 31, 2007 Definitions
  9. McAfee VirusScan (DAT Version 5150) - Oct 26, 2007
  10. AVG Antivirus - Oct 8, 2007
  11. Trend Micro OfficeScan - Sep 21, 2007
  12. Sophos - Aug 18, 2007
  13. Norton - Jul 17, 2007
  14. AntiVir Guard - Jun 27, 2007
  15. AVG Antivirus - Dec 7, 2006
  16. NOD32 - Nov 14, 2006
  17. F-PROT - Sep 21, 2006
  18. F-Secure - Sep 13, 2006
  19. Kaspersky - Sep 13, 2006
  20. Norman - Sep 11, 2006
  21. AVG Antivirus - Sep 11, 2006
  22. Fortinet - Jul 3, 2006
  23. AntiVir - Jul 1, 2006
  24. Norton & Symantec - Jul 1, 2006
  25. Kaspersky - Jun 21, 2006
  26. BitDefender - Jun 13, 2006
  27. OneCare - Jun 07, 2006
  28. AVG Antivirus - Jun 06, 2006
  29. Norton - May 20, 2006
  30. AntiVir - Feb 22, 2006
  31. Ad-Aware - Nov 22, 2005
  32. Mcafee - Nov 16, 2005
  33. AntiVir - Oct 12, 2005
  34. ArcaVir - Aug 21, 2005
  35. MS Antispyware - Aug 09, 2005
  36. MS Antispyware - Jul 26, 2005
  37. AVG Antivirus - Jul 10, 2005
  38. MS Antispyware - May 18, 2005
  39. MS Antispyware - Apr 22, 2005
  40. AVG Antivirus - Apr 21, 2005
  41. MS Antispyware - Mar 01, 2005
  42. PCCillin - Sep 17, 2004
  43. BitDefender - Aug 29, 2004
  44. Mcafee - Aug 26, 2004
  45. Sophos AV - Aug 16, 2004
  46. Norton - Aug 09, 2004
  47. Mcafee - Mar 11, 2004
  48. Norton - Feb 24, 2004


False Positive By Anti-Malware programs

  • Symantec (Norton): 5
  • MS Antispyware: 5
  • AVG Spyware: 5
  • AntiVir: 4
  • Mcafee: 4
  • Kaspersky: 2
  • BitDefender: 2
  • Sunbelt: 2
  • F-PROT: 1
  • F-Secure: 1
  • Norman: 1
  • Ad-Aware: 1
  • ArcaVir: 1
  • Fortinet: 1
  • OneCare: 1
  • PCCillin: 1
  • Sophos: 1
  • Spyware Terminator: 1
  • StopZilla: 1
  • Total False Positives: 38

Where to report false positives

Online Virus Scanners

Here is a list of free online virus scanners useful to check NSIS installers and stubs for false positives:

Personal tools
donate