Hello,
If we want to activate Aspose licenses, Aspose creates a temporary file that is recognized as a Trojan by our customer (see screenshot). The virus scanner deletes the file, and an Aspose error appears immediately (see screenshot). Please let us know why this DLL is being generated and why it could be recognized as a Trojan, so we can inform the customer and reassure them.
Kind Regards,
Andy
AsposeError.png (182,4 KB)
Trojaner.png (44,4 KB)
Thank you for sharing the screenshots.
Aspose SDKs may implement code obfuscation to safeguard intellectual property and enhance performance. While these patterns can resemble Trojan-like behavior, the DLL itself is completely harmless. However, this might lead to false positives from certain antivirus programs. Could you clarify which Aspose (.NET) libraries are causing this issue? Please provide detailed information. Based on the screenshot, it seems the issue is triggered by Aspose.ZIP, correct? Also, give us error message in English.
Yes, it`s Aspose.ZIP.
Sorry, but i cannot provide an English error message because ALL our customers use German-language Windows and we cannot reproduce the behavior here. The error indicates that the DLL that the virus scanner deleted is a required dependency and could not be found.
Please fix the problem as soon as possible, as there are now over 10 customers.
Kind Regards,
Andy
Is it possible to adjust the save location or the name of the generated DLL so that it is easier to define exceptions in the virus scanner?
Thank you for sharing the additional details.
I am moving your thread to the appropriate forum, where a member of the Aspose.ZIP team will review your issue and provide assistance soon.
Hello @AStelzner, I have an idea what put on antivirus’s guard. The Aspose.ZIP for .NET has inside executable for self-extracting archives composition. I checked the executable with virustotal and have found that two out of 71 antiviruses, including Microsoft, treat the file as a malware. Now we are thinking how can we resolve it.
You have provided dotPeek screenshot, can you attach the quarantined dll here?
@AStelzner, I want to report false positive detection result to antivirus vendor. Please let us know if it is the Microsoft Defender Antivirus or another one.
We have no control over this DLL generation.
Creating a library with machine-generated name, which seems to be a part of main library containing resources (one of them treated as harmful), in temp folder is not an intended functionality. It seems this is how web server works on some initialization.
It is ESET Scanner
This archive is password protected.
Password is Test123, sorry 
I’ve installed Eset Smart Security to verify and submit a false positive report following their procedure. However, this tool did not detect any virus in the library. See also virustotal report. I’m not sure what else I can do at this point. Maybe you or one of your customer can report to Eset? As a temporary solution, they can exclude the library from being scanned.
If you have a license that is active for the June version, I can prepare a custom build of the library - without the SFX module (which enables creating self-extracting archives) - based on the stable June release, as a last resort.
The fact that ESET isn’t reporting a Trojan on your system is probably because customers have already reported it and ESET has corrected it. But an EXE packaged in a DLL will continue to lead to virus alerts in the future.
A version without the SFX module would be good, and I would also use that here. However, a sustainable solution would be better to avoid this in the future.
Kind Regards,
Andy
So, does your license cover June version? SubscriptionExpiry date should be after or equal June 10, 2025.
Yes, expires 20260228
Lets know your e-mail to send custom build.