Posted to users@flex.apache.org by Olaf Krueger <ma...@olafkrueger.net> on 2021/01/22 16:09:47 UTC

AIR app (Captive runtime) is blocked by anti-virus scanner

Hi,

since we moved some remaining Flex apps to AIR (using captive runtime), some
of our users report that the app is being blocked by their
anti-virus scanner.
Because in some cases the responsible IT departments don't like to
whitelist additional apps, we run into trouble.

We are not yet using a "real" certificate at compile time. Could this be the
problem?
Or could there be anything else in the Flex / AIR apps that is causing the
virus scanner to block it?

Thanks in advance!
Olaf



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/

RE: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Jason Taylor <jt...@dedoose.com>.
As long as you continue to use self signed certs and non EV-Code Signing certs from a trusted 3rd party intermediary certificate authority you will continue to encounter errors.
~ JT

-----Original Message-----
From: Carlos Rovira <ca...@apache.org> 
Sent: Wednesday, February 3, 2021 8:15 AM
To: users@flex.apache.org
Subject: Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Hi many thanks for the support, from now we're experiencing problems with some AV providers but not all. I think "Avast" is not generating problems...so we still are figuring it out.

Thanks!



On Wed, 3 Feb 2021 at 14:10, Olaf Krueger (<ma...@olafkrueger.net>)
wrote:

> This is just one example of how to create a self-signed p12 cert using 
> ADT, maybe it helps:
>
> flex-sdk\bin> ./adt -certificate -cn SelfSign -ou XY -o "YourOrganization"
> -c DE -validityPeriod 2 2048-RSA yourCertName.p12 yourSecretPassword
>
>
>
> --
> Sent from: http://apache-flex-users.2333346.n4.nabble.com/
>


--
Carlos Rovira
Apache Member & Apache Royale PMC
*Apache Software Foundation*
http://about.me/carlosrovira



Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Carlos Rovira <ca...@apache.org>.
Hi many thanks for the support, from now we're experiencing problems with
some AV providers but not all. I think "Avast" is not generating
problems...so we still are figuring it out.

Thanks!



On Wed, 3 Feb 2021 at 14:10, Olaf Krueger (<ma...@olafkrueger.net>)
wrote:

> This is just one example of how to create a self-signed p12 cert using ADT,
> maybe it helps:
>
> flex-sdk\bin> ./adt -certificate -cn SelfSign -ou XY -o "YourOrganization"
> -c DE -validityPeriod 2 2048-RSA yourCertName.p12 yourSecretPassword
>
>
>
> --
> Sent from: http://apache-flex-users.2333346.n4.nabble.com/
>


-- 
Carlos Rovira
Apache Member & Apache Royale PMC
*Apache Software Foundation*
http://about.me/carlosrovira

Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Olaf Krueger <ma...@olafkrueger.net>.
This is just one example of how to create a self-signed p12 cert using ADT,
maybe it helps:

flex-sdk\bin> ./adt -certificate -cn SelfSign -ou XY -o "YourOrganization"
-c DE -validityPeriod 2 2048-RSA yourCertName.p12 yourSecretPassword




Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Olaf Krueger <ma...@olafkrueger.net>.
Hi Vincent,

> Indeed, I believe this is caused by the fact that our applications are
> signed with a temporary certificate.

Yes, that makes sense.
It comes to mind that we have been using the same self-signed certificate
here for a long time.
I'll try to generate a new one using the ADT, maybe that makes a difference,
not sure.

Unfortunately, it's hard to "debug" because the anti-virus scanners out there
behave differently, not reproducibly, and sometimes it takes some days until
an AIR app is blocked.

We're still using the latest Adobe AIR version, not sure if this could also
be an issue.

However, I expect to get rid of the last bit of Flex here until summer...

Thanks,
Olaf





 




Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Tucsonjhall <Jh...@cactusware.com>.
Correct. So far no complaints. I compile with captive runtime then use Inno
Setup to package it then send the setup.exe through the Digicert utility to
sign it.




Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Olaf Krueger <ma...@olafkrueger.net>.
Hi Carlos,

in our case it worked to reduce the expiration duration of the self-signed
certificate to 2 years.
(IIRC, the default value in ADT is 5 years, not sure)

I still need to observe this, but until now I haven't gotten any more feedback
that the AIR apps are blocked.
Keeping fingers crossed...

Best regards,
Olaf






Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Piotr Zarzycki <pi...@gmail.com>.
Hi Carlos,

At Prominic we are using Comodo certs and that solves the problem. Olaf and I
also resolved problems by just generating a new self-signed certificate -
it could also be a potential solution.

Thanks,
Piotr

On Wed, 3 Feb 2021 at 13:47, Carlos Rovira <ca...@apache.org> wrote:

> Hi Tucson,
>
> We found the same problem with different Antiviruses in our clients. We're
> searching for a solution.
>
> So if I understand correctly, you got an EV certificate from Digicert as
> Jason suggested and that solved the problem?
>
> Please let me know, in order to try that path
>
> thanks!
>
>
>
> On Fri, 29 Jan 2021 at 23:56, Tucsonjhall (<Jh...@cactusware.com>)
> wrote:
>
> > Still no issues, FYI. Though it's not cheap.
> >
> >
> >
> > --
> > Sent from: http://apache-flex-users.2333346.n4.nabble.com/
> >
>
>
> --
> Carlos Rovira
> Apache Member & Apache Royale PMC
> *Apache Software Foundation*
> http://about.me/carlosrovira
>


-- 

Piotr Zarzycki

Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Carlos Rovira <ca...@apache.org>.
Hi Tucson,

We found the same problem with different Antiviruses in our clients. We're
searching for a solution.

So if I understand correctly, you got an EV certificate from Digicert as
Jason suggested and that solved the problem?

Please let me know, in order to try that path

thanks!



On Fri, 29 Jan 2021 at 23:56, Tucsonjhall (<Jh...@cactusware.com>)
wrote:

> Still no issues, FYI. Though it's not cheap.
>
>
>
> --
> Sent from: http://apache-flex-users.2333346.n4.nabble.com/
>


-- 
Carlos Rovira
Apache Member & Apache Royale PMC
*Apache Software Foundation*
http://about.me/carlosrovira

Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Tucsonjhall <Jh...@cactusware.com>.
Still no issues, FYI. Though it's not cheap.




Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Tucsonjhall <Jh...@cactusware.com>.
I got an EV certificate from Digicert. So far, no problems from any
customers. It's only been out there for a couple of weeks but I'm hopeful.




Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Olaf Krueger <ma...@olafkrueger.net>.
I took a look into the self-signed p12 certificate we use and noticed that it
has an expiration date of 2048.
This might be an issue for an anti-virus scanner, not sure.

So I created a new one and set the expiration duration to 2 years.

As soon as I get some feedback from our users in the US, I'll report back
whether it works or not.
If not, we might need to buy a certificate from a trusted provider.
But I wonder how we can know which provider the antivirus scanner is
trusting?

Thanks,
Olaf
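
One way to do the inspection described in the message above (issuer and validity window of the certificate inside a .p12) with the openssl CLI. This is an added example, not part of the original post; the function names, sample subject, file names and password are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Requires the openssl CLI.
# "pass:" exposes the password in the process list; use env: or file: outside a demo.

# Build a throwaway self-signed PKCS#12 (constructed sample input for the checks).
make_sample_p12() {   # usage: make_sample_p12 OUT.p12 PASSWORD DAYS
  local out="$1" pass="$2" days="$3" tmp
  tmp="$(mktemp -d)" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
    -subj "/C=DE/O=YourOrganization/OU=XY/CN=SelfSign" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
    -out "$out" -passout "pass:$pass"
  local rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Emit the signing (leaf) certificate from a PKCS#12 file as PEM; fails on a bad password.
p12_leaf_pem() {      # usage: p12_leaf_pem FILE.p12 PASSWORD
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -outform PEM 2>/dev/null
}

# Succeeds when subject and issuer are identical, i.e. no CA vouches for the cert.
p12_is_self_issued() { # usage: p12_is_self_issued FILE.p12 PASSWORD
  local pem subject issuer
  pem="$(p12_leaf_pem "$1" "$2")" || return 2
  subject="$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253)"
  issuer="$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -nameopt RFC2253)"
  [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# Succeeds when the certificate is still valid DAYS from now.
p12_outlives_days() { # usage: p12_outlives_days FILE.p12 PASSWORD DAYS
  local pem
  pem="$(p12_leaf_pem "$1" "$2")" || return 2
  printf '%s\n' "$pem" | openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

# Print the fields worth recording before a build goes out.
p12_report() {        # usage: p12_report FILE.p12 PASSWORD
  p12_leaf_pem "$1" "$2" |
    openssl x509 -noout -subject -issuer -startdate -enddate -nameopt RFC2253
}
```

On OpenSSL 3, a keystore written with older encryption algorithms may need the `-legacy` option added to the `openssl pkcs12` call.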




RE: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Olaf Krueger <ma...@olafkrueger.net>.
Hi Jason,

just to be sure:
You're using captive runtime and pass the EV cert at build time?
Finally, you package your app by using winrar?

Thanks!
Olaf  






RE: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by Jason Taylor <jt...@dedoose.com>.
Contact digicert and get an EV Code signing certificate.   I am using winrar
to create a SFX archive as a single file exe then signing manually with the
EV cert.  Works great on all platforms and doesn't require any admin
privileges.
~ JT 

-----Original Message-----
From: After24 <vi...@after24.net> 
Sent: Friday, January 22, 2021 9:54 AM
To: users@flex.apache.org
Subject: Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Hi Olaf,

We have the same problem with some of our customers on Windows. 
Indeed, I believe this is caused by the fact that our applications are
signed with a temporary certificate.

It would be great if Harman could integrate a signing tool for desktop Air
apps like the one that exists for signing mobile AIR applications.

Does anyone have any information on how to sign a desktop AIR application?
(I got this link:
https://codesigningstore.com/how-to-sign-adobe-air-applications )

Vincent.






Re: AIR app (Captive runtime) is blocked by anti-virus scanner

Posted by After24 <vi...@after24.net>.
Hi Olaf,

We have the same problem with some of our customers on Windows. 
Indeed, I believe this is caused by the fact that our applications are
signed with a temporary certificate.

It would be great if Harman could integrate a signing tool for desktop Air
apps like the one that exists for signing mobile AIR applications.

Does anyone have any information on how to sign a desktop AIR application?
(I got this link:
https://codesigningstore.com/how-to-sign-adobe-air-applications )

Vincent.



