Is there a way to keep my obfuscated application from looking like a virus?

Posted on 2024-07-15 02:57:31

When I obfuscate my application the antivirus gives a virus alert for the obfuscated application.

What can I do to avoid this?

I am using Visual Studio 2008 and .NET Reactor 3.9.8.0 on Windows XP Professional.

Windows and applications are up to date, and antivirus finds nothing when running a complete scan.

EDIT: Avast Antivirus gives an alert.
MS Forefront does not.

EDIT 2: Changing the Control Flow Obfuscation level fixed it.

Comments (4)

止于盛夏 2024-07-22 02:57:31

Some EXE-compressors/obfuscators/other tools are treated as malware by antivirus programs as they are often used to compress/encrypt/hide viruses. Try to use a different program for obfuscating. If the problem persists, you could also try to change your code a bit, perhaps one of your code patterns looks suspicious to the antivirus program.

EDIT: After a quick search, I found no false alarm reports from other users for .NET Reactor - you could also try to report the problem to the EZIRIZ support - maybe they know more about this.

陌生 2024-07-22 02:57:31

I got into the same situation, this time with Avast and REACTOR 4.7.0.
Unchecking Control Flow obfuscation did nothing.

It was the NATIVE EXE File option (which injects WIN32 startup code to replace the standard CLR startup code). Reported to EZIRIZ and AVAST.

Curious thing was that the exe file (obtained while deactivating Avast) was scanned and declared clean ... by Avast.

瞎闹 2024-07-22 02:57:31

Is the problem visible with one Anti Virus or with many? You can also send your app to the virus labs and they will try to update their signatures so it won't match in the future. This is, of course, problematic if every anti virus software in the world recognises your software as a virus ;)

葬心 2024-07-22 02:57:31

A reliable way to prevent such problems is to sign your software with a commercial code signing certificate. Such signed files are much higher rated by anti virus engines. If you own a certificate you can define it in .NET Reactor. This way .NET Reactor will automatically sign your software after protection.

Alternatively you could also send a false positive report to the corresponding Anti Virus software vendor and they will usually correct the signature database normally within 48 hours.
