Friends have always given feedback that the programs we package are flagged by antivirus software!
False positives usually occur for two main reasons:
The solution is simple: add a code signature and then submit it for certification on the designated antivirus software platform! ^_^ Our focus is on signatures, aiming to minimize false positives at this level. Some friends also reported that even after signing the packaged program, it is still flagged by antivirus software. What could be the reason?
Well, during the packaging process with NSIS, an uninstallation solution is synchronously generated. In the installation process, there is a step to release the uninstallation program:
WriteUninstaller "$INSTDIR\uninst.exe"
It's this WriteUninstaller command that dynamically releases an uninstallation program to the target installation directory during installation. Since this program is dynamically written and not signed, it is the main cause of false positives.
Today, let's take a look at how this issue is elegantly addressed in the nsNiuniuSkin packaging solution.
Our goal is to include the signed uninstallation program in the generated installation package.
The uninstallation program's logic is to uninstall the files in its own directory. It can be generated in advance, signed, saved, and then used directly. We could have done it this way:
However, this approach could lead to a disconnect between the installation program and the uninstallation program, potentially causing uninstallation issues in future version developments. Considering that we may modify the installation and uninstallation interfaces when generating the installation package, our approach is to synchronize the generation, signing, and packaging of the latest uninstallation program each time we package, ensuring unified control and one-time generation of the final installation package from scratch!
Below is our one-click generated complete solution, and the script process is as follows:
The above process is fully included in our latest packaging script, which also provides a code signing script. If you already have a code signing certificate, just configure the certificate name and password. Then, using our one-click packaging script, you can create a fully signed and beautifully designed installation package.
Entry script for generating uninstallation program, releasing, signing, and copying to FilesToInstall 
Signing effect:
Signing effect for the main program
Introduction to the signing script
Signing is done using Microsoft's signcode.exe. The core signing script is as follows:
@echo off
set pfx_password=%3
set timestamp=http://timestamp.digicert.com
:doSign
echo "doSign %1-------"
signtool.exe sign /f %2 /p "%pfx_password%" /t %timestamp% /du %4 "%1"
if errorlevel 2 goto :doSign
if errorlevel 1 goto :doSign
if errorlevel 0 goto :eof
:offline
echo "no network"
pause
exit
The corresponding script has been encapsulated into a .bat file and integrated into the entire packaging process. If you don't want to spend time writing it yourself, feel free to contact me! 
You can also directly install the nsNiuniuSkin interface online design engine to see the actual effects:
http://www.ggniu.com/download/NSNiuniuSKin_DuiDesigner_Setup.exe
At this point, we have a fully signed installation package program. The likelihood of false positives should theoretically be significantly reduced, but it cannot be said to be completely eliminated. To ensure normalcy, it is recommended to submit the software to the antivirus software platform for whitelisting.
In the installation package installation process, a beautiful UI often leaves a deep impression on customers about the installed product, highlighting the software provider's dedication and focus on user experience! We hope our efforts make the process of creating installation packages easier and more enjoyable.
May there be no difficult installation packages in the world!