Is there a way to avoid having my obfuscated application looking like a virus

Asked 17/3, 2009 at 9:11 Answered 12/11, 2020 at 16:53

obfuscation antivirus

When I obfuscate my application the antivirus gives a virus alert for the obfuscated application.

What can I do to avoid this?

I am using Visual Studio 2008 and .NET Reactor 3.9.8.0 on Windows XP Professional.

Windows and applications are up to date, and antivirus finds nothing when running a complete scan.

EDIT: Avast Antivirus gives an alert. MS Forefront does not.

EDIT 2: Changing the Control Flow Obfuscation level fixed it.

Punishment answered 17/3, 2009 at 9:11 Comment(0)

Some EXE-compressors/obfuscators/other tools are treated as malware by antivirus programs as they are often used to compress/encrypt/hide viruses. Try to use a different program for obfuscating. If the problem persists, you could also try to change your code a bit, perhaps one of your code pattern looks suspicious to the antivirus program.

EDIT: After a quick search, I found no false alarm reports from other users for .NET Reactor - you could also try to report the problem to the EZIRIZ support - maybe they know more about this.

Intangible answered 17/3, 2009 at 9:16 Comment(0)

I got into the same situation, this time with Avast and REACTOR 4.7.0. Unchecking Control Flow obfuscation did nothing.

It was the NATIVE EXE File option (which injects WIN32 startup code to replace the standard CLR startup code). Reported to EZIRIZ and AVAST.

Curious thing was that the exe file (obtained while desactivating Avast) was scanned and declared clean ... by Avast.

Bresnahan answered 17/1, 2014 at 13:12 Comment(1)

I am also using Reactor 5.0 and had same problem with Windows Defender removing my exe on launch. Removing the Native EXE option fixed this for me. – Dowse 21/8, 2017 at 21:22

Is the problem visible with one Anti Virus or with many? You can also send your app to the virus labs and they will try to update their signatures so it won't match in the future. This is, of course, problematic if every anti virus software in the world recognises your software as a virus ;)

Allison answered 17/3, 2009 at 9:19 Comment(0)

A reliable way to prevent such problems is to sign your software with a commercial code signing certificate. Such signed files are much higher rated by anti virus engines. If you own a certificate you can define it in .NET Reactor. This way .NET Reactor will automatically sign your software after protection.

Alternatively you could also send a false positive report to the corresponding Anti Virus software vendor and they will usually correct the signature database normally within 48 hours.

Perr answered 12/11, 2020 at 16:53 Comment(0)

Recommended topics

Hot tags