Options
Antivirus blocks Smart Assembly
developer
Posts: 1 New member
Please ask for help
I purchased license of SA product.
I created an "Hello-World" executable and perform minimal obfuscation.
The executable uploaded to some web app.
When downloaded via chrome, the executable detected as dangerous virus
from a category type "win32/wacatac.b!ml"
What action should be performed to avoid it ?
I purchased license of SA product.
I created an "Hello-World" executable and perform minimal obfuscation.
The executable uploaded to some web app.
When downloaded via chrome, the executable detected as dangerous virus
from a category type "win32/wacatac.b!ml"
What action should be performed to avoid it ?
Answers
In some cases antivirus software may incorrectly mark the software protected by SmartAssembly as a virus. The primary mechanism used for detecting whether something is a virus is to use a signature (small piece) of a known virus to compare against the application. In rare cases this will lead to false positives.
It's impossible for us to know what exactly caused the application to be recognized as a virus. I can't say anything more than "a combination of enabled SA features and the user's original code". Sometimes changing something in the application can help, or disabling or enabling a protection feature in SmartAssembly, or changing the protection level when applicable.
From experience we've seen that in really small test applications the issue of Windows Defender incorrectly detecting a virus in my test application was more prominent. On the contrary, this usually isn't an issue for normal, larger applications.
The best approach would be to send the application protected by SmartAssembly (the one that is incorrectly detected as a virus) to the antivirus company for analysis, so they can tweak their signature collection to avoid such problems with this particular application in the future. In the case of Windows Defender, the appropriate form can be found here: https://www.microsoft.com/en-us/wdsi/filesubmission
If you want to make sure that your actual application will not be recognized as a virus by other antivirus software, you can use Virus Total to perform a quick scan on multiple antiviruses at once: https://www.virustotal.com/
Victoria Wiseman | Redgate Software
Have you visited our Help Center?