False positive detections in antivirus tests of installers created with NSIS

Developing the SDA application was hard enough and took up much of my free time.
But another challenge was creating a simple and fast installer.

The first one was created relatively quickly with the help of the installer integrated in Visual Studio. But it was not flexible enough to make the installation process simple for the user.

So I needed to look around for another install system. After some evaluation, NSIS (Nullsoft Scriptable Install System) was the system of my choice.

I was very pleased with the flexibility of NSIS, and the new installer with a modern user interface was created very quickly.
But after I tried to upload the new software to various application directories, it turned out that the installer file might be infected by some virus.

My question was: WHY does the antivirus suite detect a virus where no viruses exist?

I tested the file with different antivirus programs and uploaded it to VirusTotal for checking and... Nothing - no viruses, no malware.

I found that many software directories use virus-checking software developed by AV-Test GmbH (www.av-test.org).
I tested the program files with the AV Test Suite, but no viruses were found. Because of this, only the installer could be the reason for the virus detection, and the only way to find out why was to comment out parts of the installer source.

I tried many times to reduce the code in the installer, but always got a false positive alarm.
After the installer had nothing left to do but was still detected as a virus, I deactivated all NSIS plugins and additional includes.

But only when I changed the compressor to LZMA (add at the top: SetCompressor /FINAL lzma) did I get no more false positive virus detections with the minimalistic configuration.

The second part that the AV suite detected as a virus was the inclusion of the Modern User Interface.
After the line !include MUI2.nsh was removed (along with the other parts of Modern UI), the virus check was successful again.

Conclusion:
If your program installer created with NSIS is detected as malware by some antivirus suite, try

  1. to set the compressor to LZMA (non solid) with the code: SetCompressor /FINAL lzma
  2. to remove the modern user interface and switch to the original UI

I hope this helps you save a lot of time if you have the same problem.
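
The two changes from the conclusion, shown in a minimal NSIS script. This is an added example, not the SDA installer source; the application name, file names and install directory are hypothetical placeholders. The Modern UI lines are kept as comments to show what was replaced by the classic Page commands.

```nsis
; Added example: minimal installer using the two settings from the conclusion.
; "ExampleApp" and all file names are hypothetical placeholders.

; 1. Compressor: LZMA, non-solid (no /SOLID switch). /FINAL makes any later
;    SetCompressor call in included files ignored. Must come before any
;    Section, Function or File instruction.
SetCompressor /FINAL lzma

Name "ExampleApp"
OutFile "ExampleApp-Setup.exe"
InstallDir "$PROGRAMFILES\ExampleApp"
RequestExecutionLevel admin

; 2. Classic UI instead of Modern UI. The Modern UI version of these
;    pages would have been:
;      !include MUI2.nsh
;      !insertmacro MUI_PAGE_DIRECTORY
;      !insertmacro MUI_PAGE_INSTFILES
;      !insertmacro MUI_UNPAGE_CONFIRM
;      !insertmacro MUI_UNPAGE_INSTFILES
;      !insertmacro MUI_LANGUAGE "English"
Page directory
Page instfiles
UninstPage uninstConfirm
UninstPage instfiles

Section "Install"
  SetOutPath "$INSTDIR"
  File "ExampleApp.exe"                      ; hypothetical payload
  WriteUninstaller "$INSTDIR\Uninstall.exe"
SectionEnd

Section "Uninstall"
  Delete "$INSTDIR\ExampleApp.exe"
  Delete "$INSTDIR\Uninstall.exe"
  RMDir "$INSTDIR"
SectionEnd
```

Building the script once with each change applied separately shows which of the two the scanner reacts to, the same comment-out approach described above.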