ildasm / ilasm - Symantec false positive

I am having a problem with disassembling and reassembling a .NET executable: it throws a false positive afterwards.

The error I get specifically is:

Heur.AdvML.B

As of now, I am no longer editing the asm prior to re-compiling it. I literally de-compile it and recompile it, run it and get the error. I am aware that I can attempt to reach out to my network admin to get a folder removed from the "watch" list, as well as attempt to contact Symantec.

What would be ideal is if someone could help me identify why exactly this is occurring.

Things I have tried:

- Strip all debugging references from the asm completely
- Set System.Diagnostics.DebuggableAttribute/DebuggingModes with 01 00 02 00 00 00 00, which should be release-optimized indicator
- de-compile and re-compile a known working exe without touching it

What is causing this false positive if the original exe is clean? Do I need to sign the exe? Really confused; any help would be appreciated.

Olympiaolympiad answered 6/7, 2018 at 17:47

I just had the same issue. When recompiling with ilasm.exe, you need to pass in the .res file that is generated by ildasm.exe during decompile. Just add the following parameter to your ilasm arguments:

/RESOURCE=file.res 
Underplay answered 25/10, 2018 at 19:20
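
An added example, not from either poster: the .res file that ildasm writes holds the assembly's unmanaged Win32 resources, so one way to confirm a round trip kept them is to compare the resource data directory in the two PE headers. The function names and the header stub below are constructed for illustration.

```python
import struct

RESOURCE_DIR_INDEX = 2  # IMAGE_DIRECTORY_ENTRY_RESOURCE

def resource_directory(pe: bytes):
    """Return (rva, size) of the PE resource data directory; (0, 0) if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:      # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, count_off)  # NumberOfRvaAndSizes
    if count <= RESOURCE_DIR_INDEX:
        return (0, 0)
    return struct.unpack_from("<II", pe, dirs_off + 8 * RESOURCE_DIR_INDEX)

def lost_resources(original: bytes, rebuilt: bytes) -> bool:
    """True when the original had Win32 resources and the rebuilt image has none."""
    return resource_directory(original)[1] > 0 and resource_directory(rebuilt)[1] == 0

def _sample_pe32(rsrc_rva: int, rsrc_size: int) -> bytes:
    """Constructed PE32 header stub (headers only, not a loadable program)."""
    img = bytearray(0x80 + 24 + 96 + 16 * 8)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)       # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x10B)       # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)     # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * RESOURCE_DIR_INDEX, rsrc_rva, rsrc_size)
    return bytes(img)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # usage: script.py original.exe rebuilt.exe
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    else:                    # fall back to the constructed stubs
        a, b = _sample_pe32(0x4000, 0x5A0), _sample_pe32(0, 0)
    print("resources lost in rebuild:", lost_resources(a, b))
```
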
