Obfuscated exe triggering multiple false positives #166
Comments
For such you have to report to the vendors and let them fix the false positives. Similar to #155.
Yes, I have already reported the false positives, specifically to Symantec. I will do so with the other vendors. I wondered if you had experience with this issue before, because I suspect obfuscating exes in the future will just cause more grief!
Unfortunately the nature of obfuscation is that such false positives can happen. Anti-virus can easily report what they could not fully understand as viruses. Big obfuscation vendors might have the resources to work closely with anti-virus vendors to address such, but this is an open source project, without such luxury.
Alternatively, buy a code sign certificate to sign your binaries and then usually anti-virus software won't report any like that.
I used Obfuscar on a project at work that needed some sensitive code hiding; it worked well... too well!
The exe has tripped an alarm in SEP (Symantec Endpoint Protection) as a trojan. I uploaded the exe to VirusTotal and the exe triggered detections from 5/69 vendors.
I have since reproduced the issue with a more stripped down program and it is now triggering 3/69 detection engines.
I have attached the source code without the built exe; you will have to build the exe yourself (since it might trip virus alarms). Simply run the project (it's a hello world console app), then upload the obfuscated exe to VirusTotal; it will be detected as a virus.
Here is a link to the source code:
Obfuscated Virus False Positive.zip