Tags: windows-installer, mingw, windows-defender

What is a good process for dynamically generated installers to avoid false AV positives?


I wasn't terribly sure what website to ask this question on, but since it primarily deals with the development/distribution process I chose to ask it here.

I'm in the process of creating a company that deals with RMM/MMS for clients. I have a service set up that allows remote connections to client PCs so that we may perform any number of tasks to manage said PCs. Everything was going swimmingly during setup and tests for distributing endpoint software to remote PCs until I started labbing distribution on Windows machines. This is where the problem lies and where I'm not sure how to approach this.

Windows Defender flags the installers as malware. Now, before you start explaining that it's AI detection and the intricacies of how that works, I've already read many Stack Overflow and MSDN articles detailing that part of the problem. What I'm asking is: is there a build process or general practice that will make installation binaries more appealing to Windows Defender? Keep in mind, these installers are generated dynamically when a client signs up for the service, and get emailed to the client for execution on the remote machines. Do I need to apply for some kind of certificate to embed in the installers to validate that, though yes, it is a small C program compiled with MinGW, it is in fact NOT malware and is only installing endpoint management software?

I've only had this issue on Windows machines and have distributed these binaries on several Linux machines.


Solution

  • It is challenging for software to avoid antivirus quarantine when it behaves like a virus. Signed installation packages that have been successfully installed many times (or have been submitted for whitelisting) build a reputation that antivirus software will eventually trust.

    Dynamically generated installation packages will struggle because each one looks new. You certainly could submit one of your packages for whitelisting. The hope would be that the antivirus software recognizes a pattern, so it trusts the other dynamically generated replicas.

    I understand why you are doing what you are doing. The problem is virus developers have the same goal as you.
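The answer's point is that reputation attaches to a signed binary that many people have installed unchanged, and that a freshly generated executable per client never accumulates any. The PowerShell script below is an added example, not code from the question or the answer, showing one way to act on that: sign the MinGW-built installer once with Authenticode (signtool signs any PE file regardless of compiler), verify the signature, and then hand every client the byte-identical signed executable plus a per-client side file instead of rebuilding the binary per client. It assumes the Windows SDK's signtool.exe is on PATH, that the installer reads an `enroll.json` next to it (a hypothetical design, not something the question states), and the paths, PFX, password, timestamp URL and client ids are placeholders or constructed values.

```powershell
# Added example (not from the question or the answer): sign a MinGW-built
# installer with Authenticode, verify the signature, and keep the signed
# executable byte-identical across clients by carrying per-client data in a
# side file. Paths, the PFX, the password and the timestamp URL are placeholders.

param(
    [string]$Installer    = '.\build\endpoint-installer.exe',   # output of the mingw build (placeholder path)
    [string]$PfxPath      = '.\secrets\codesign.pfx',            # code-signing certificate (placeholder)
    [string]$PfxPassword  = 'REPLACE_ME',                         # placeholder; prefer a hardware token or a vault
    [string]$TimestampUrl = 'http://timestamp.example.invalid'    # placeholder; use your CA's RFC 3161 timestamp server
)

function Invoke-InstallerSigning {
    param([string]$Path, [string]$Pfx, [string]$Password, [string]$Tsa)
    # signtool.exe ships with the Windows SDK. /fd and /td select SHA-256 for the
    # file digest and the timestamp digest; /tr names an RFC 3161 timestamp server
    # so the signature still verifies after the certificate itself expires.
    & signtool.exe sign /fd SHA256 /f $Pfx /p $Password /tr $Tsa /td SHA256 /v $Path
    if ($LASTEXITCODE -ne 0) { throw "signtool failed for $Path (exit $LASTEXITCODE)" }
}

function Test-InstallerSignature {
    param([string]$Path)
    # Get-AuthenticodeSignature reports Status 'Valid' only when the certificate
    # chain is trusted and the file has not been modified since signing.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $sig.SignerCertificate.Subject
        IsValid = ($sig.Status -eq 'Valid')
    }
}

function New-ClientBundle {
    param([string]$SignedInstaller, [string]$ClientId, [string]$OutDir)
    # Per-client values go into a config file next to the unchanged, signed
    # executable. Every client therefore receives the same binary (same hash,
    # same signature), which is the thing a reputation system can learn to trust.
    $dir = Join-Path $OutDir $ClientId
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    Copy-Item $SignedInstaller (Join-Path $dir 'endpoint-installer.exe')
    # Hypothetical enrolment data the installer is assumed to read at run time.
    @{ clientId = $ClientId; enrollUrl = "https://rmm.example.invalid/enroll/$ClientId" } |
        ConvertTo-Json | Set-Content (Join-Path $dir 'enroll.json')
    Compress-Archive -Path (Join-Path $dir '*') -DestinationPath "$dir.zip" -Force
    "$dir.zip"
}

Invoke-InstallerSigning -Path $Installer -Pfx $PfxPath -Password $PfxPassword -Tsa $TimestampUrl
Test-InstallerSignature -Path $Installer | Format-List

# Two constructed client ids; the executable inside both bundles must hash identically.
$clients = 'client-0001', 'client-0002'
$bundles = $clients | ForEach-Object { New-ClientBundle $Installer $_ '.\dist' }
$hashes  = $clients | ForEach-Object {
    (Get-FileHash -Algorithm SHA256 (Join-Path ".\dist\$_" 'endpoint-installer.exe')).Hash
}
if ($hashes[0] -ne $hashes[1]) { throw 'installer differs between clients; reputation will not carry over' }
"Signed installer SHA-256: $($hashes[0]); bundles: $($bundles -join ', ')"
```

The hash comparison at the end is the check worth keeping in a build pipeline: if anything per-client leaks into the executable (an embedded token, a patched string), the hash changes, the signature no longer matches the copy that has already built reputation, and the client gets the "never seen before" experience the answer describes.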