'You've discovered a very rare file. This file might be dangerous' of our app.

Hello,
I’m working on application development for private companies use.
A user can download an executable from our site. Moreover, before download, we update resources and then sign resulting binary. So each user gets quite changed program.
The problem is that users get a warning I wrote in the subject. And to install they should click ‘More’, ‘I trust…’ which is not convenient for them.
I’ve read this topic https://forum.avast.com/index.php?topic=205767.0.
As I understand signing doesn’t help, only a larger user base or manual submitting to the false-positive form of each new build. And I’m not sure if this helps because of updating binary for each download.

Is there a solution for this issue or a way to configure the Avast in a local network to trust our application?

Here is virustotal report https://www.virustotal.com/gui/file/f0f3f569614bf9965c95e345eb25dc9b0c3bc0f6b1c6ab36b6822c5c0b5c606c/detection

As you’re a developer, read here…

https://support.avast.com/article/229/
https://support.avast.com/article/228/

Vendors who sign their applications with digital signatures can apply for whitelisting via their digital signature. This type of whitelisting is provided to a [b]limited number[/b] of digital signatures, and only if the software developer has a [b]clean track record[/b].

So we should wait for a clean track record and then apply for whitelisting via digital signature?

If you don’t have a clean track record, you probably won’t get approved.

Ok, so we can’t do anything but wait.
Thanks.

Also, forgot to ask.
If we upload the app to the Avast Threat Labs to mark it as safe. But we patch the application resources (some configs) before download, will it still be counted by Avast as the old app we uploaded before? Or it’s treated as a new one?

You’re welcome. Everything else needs to be answered from Threat Lab.

A modified file is a different file, so I’m afraid there’s no point in whitelisting it (well, unless some actual detection is reported - as a false positive).
I’d say the only way is the digital signature.