Obfuscated exe triggering multiple false positives #166
Comments
|
Here is a screenshot from virus total
|
|
For such you have to report to the vendors and let them fix the false positives. Similar to #155 . |
|
Yes I have already reported false positives to specifically Symantec. I will do so with the other vendors. I wondered if you had experience with this issue before because I suspect obfuscating exe's in the future will just cause more grief! |
|
Unfortunately the nature of obfuscation is that such false positives can happen. Anti-virus can easily report what they could not fully understand as viruses. Big obfuscation vendors might have the resources to work closely with anti-virus vendors to address such, but this is an open source project, without such luxury. |
|
Alternatively, buy a code sign certificate to sign your binaries and then usually anti-virus software won't report any like that. |
I used obfuscar on a project at work that needed some sensitive code hiding, it worked well... too well!
The exe has tripped an alarm in SEP (Symantec Endpoint Protection) as a trojan. I uploaded the exe to Virus Total and the exe triggered detections from 5/69 vendors.
I have since reproduced the issue with a more stripped down program and it is now triggering 3/69 detection engines.
I have attached the source code without the built exe, you will have to build the exe yourself (since it might trip virus alarms). Simply run the project (it's a hello world console app), then upload the obfuscated exe to Virus Total, it will be detected as a virus.
Here is a link to the source code:
Obfuscated Virus False Positive.zip
The text was updated successfully, but these errors were encountered: