Virus Detection #17
Comments
«Has this been taken care of or any way for us to fix it compiling from the source?» |
I understand that. But is there any way to change signature or something to "fool" AV? May be downloading source code, changing few things so that we have our own unique signature? |
Maybe the Watemark. But I don't think so. I doubt you can do something about that; you can send your sample to the anti virus though |
I just use VirusTotal to scan a protected sample and got 3/52, and the detections are the generic one. Also, modifying it to avoid detection is not trivial, and once such method is known, malware authors would also use it to avoid detection, render this method useless. For now, the best way is to request anti-virus vender to whitelist your application. Sorry for inconvenience! :P |
I get frequent virus detections with BitDefender while I'm trying to obfuscate files. I've had much better luck by excluding all the "exotic" protections -- the ones that say "Incompatible with OS other than Windows" or "Produces unverifiable modules". So far I haven't seen any false positives just using this stack: ctrl flow, anti ildasm, constants, ref proxy, resources, rename |
Confuser has worked great for us except that anti-virus software flagging our apps as malware. There have been many tickets open for this on codeplex: #8900, #8899, #8645, and esp. #8899 one where you (@yck1509) mentioned that it will be hard to fix. Has this been taken care of or any way for us to fix it compiling from the source? One way that I can think of is to allow to pass some guids or unique signatures in *.crproj that can be used during obfuscation (sorry if this doesn't make sense; I wish I knew more about obfuscation processes).
The text was updated successfully, but these errors were encountered: