Numerous virus detection when using Enigma

Post here messages if you have any problems with working of Enigma Protector
pauly89
Posts: 6
Joined: Fri Feb 23, 2018 6:16 pm

Numerous virus detection when using Enigma

Post by pauly89 » Mon May 18, 2020 12:50 am

Hi,
I'm using a paid Enigma with a paid subscription, and recently I forwarded some testing programs to VirusTotal.
These are very basic programs containing a dialog or just a simple math addition of 2 strings, yet
I encountered numerous AV detections.

These detections seem to increase by the day: on the first day I submitted, I got 15 detections out of 74, and
on the next day the number jumped to 20 out of 74 AV. And I was submitting the same assembly
to VirusTotal on these 2 days???

But with the same program without Enigma compilation, there is no virus detection by VirusTotal.

I submitted this matter to Enigma support 2 weeks ago but received no reply. So can Enigma please
tell me what the strategy would be to counter such AV detections, which are decidedly false negatives.

What I need is:
1. What are the best practices to avoid detection of false negatives?
What Enigma checkups normally trigger such false detections, and what should I avoid?
I noticed that if I avoid using checksum and virtualization, the number of detections becomes smaller.

2. What steps should I take? Do I need to submit directly to these AV companies that my software is legit,
that we don't create malware, and that our company is legit?

Please advise how to overcome these false detections, as a very simple program which has no input or output
gets detected by numerous AV programs when compiled by Enigma.

pauly89
Posts: 6
Joined: Fri Feb 23, 2018 6:16 pm

Re: Numerous virus detection when using Enigma

Post by pauly89 » Tue May 19, 2020 8:44 am

Can Enigma respond to this issue?

I had been waiting for your response to my email for 2 weeks before this forum posting, and I had sent links
for Enigma support to download the program files and VirusTotal reports. That there is still no response from
your side is very perplexing.

It seems that any small program with no input or output, or one that does nothing except show a simple message dialog,
would be detected as malware by at least 7 or 8 AV products when protected by Enigma.
This is not good for a commercial product.

We need to know what options we can use to minimize false positives, so please respond on this matter.
At the very least, please respond to our emails, and don't just keep quiet and pretend nothing is happening.

Why do some AV products keep targeting Enigma-protected software?

Enigma
Site Admin
Posts: 2555
Joined: Wed Aug 20, 2008 2:24 pm

Re: Numerous virus detection when using Enigma

Post by Enigma » Tue May 19, 2020 9:01 am

Hi Paul,

The detection from the antivirus is called a False Positive Detection and happens due to a mistake/error of the antivirus.
There is definitely no virus inside protected files.

VirusTotal has a lot of members; small antivirus companies do not have many resources to investigate the file for a virus, and they prefer to mark it as a virus, even if there is nothing inside, rather than waste time checking the file out.
Also, be aware that VirusTotal sends all files that you upload there to antivirus developers, who could mark the file as a virus by default, because VirusTotal is often used by virus makers to check a new virus against detection.

What we suggest doing:
1. The simplest way: submit the protected file to the antivirus that wrongly detects it as malware and ask them to fix the problem. Depending on the antivirus, there are different links where you can submit the file.
2. Digitally sign the protected file with a code signing certificate; this usually helps a lot.
3. Just move forward and release your software; once users start using the software, the antivirus vendors will fix the detection themselves.
4. Do not abuse VirusTotal; the more times you send the file there, the more new detections you will get (reason described above).
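
Added example, not part of the original thread and not Enigma's or VirusTotal's code: a Python script that compares two saved reports for the same file, showing which engines started or stopped flagging it between days and producing the per-vendor list needed for false-positive submissions (suggestion 1) without uploading the file again. The reports are constructed samples shaped like the VirusTotal API v3 `last_analysis_results` field; the engine names, labels and the `make_report` helper are hypothetical.

```python
# Constructed sample data: engine names and labels are hypothetical. The shape
# follows the VirusTotal API v3 file report (data.attributes.last_analysis_results).
def make_report(verdicts):
    results = {name: {"category": cat, "result": label}
               for name, (cat, label) in verdicts.items()}
    return {"data": {"attributes": {"last_analysis_results": results}}}

DAY1 = make_report({
    "EngineA": ("malicious", "Trojan.Generic"),
    "EngineB": ("undetected", None),
    "EngineC": ("malicious", "Packed.Enigma"),
    "EngineD": ("undetected", None),
    "EngineE": ("undetected", None),
})
DAY2 = make_report({
    "EngineA": ("malicious", "Trojan.Generic"),
    "EngineB": ("malicious", "Gen:Heur.Packed"),
    "EngineC": ("undetected", None),
    "EngineD": ("suspicious", "Suspicious.Packer"),
    "EngineE": ("undetected", None),
})

FLAGGING = {"malicious", "suspicious"}  # categories counted as a detection

def flagged(report):
    """Map engine name -> detection label for engines that flag the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {name: r.get("result") or "" for name, r in results.items()
            if r.get("category") in FLAGGING}

def ratio(report):
    """Detection count and engine count, e.g. (15, 74)."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return len(flagged(report)), len(results)

def diff_detections(old, new):
    """Engines that started, stopped, or kept flagging between two reports."""
    a, b = flagged(old), flagged(new)
    return {"new": sorted(b.keys() - a.keys()),
            "cleared": sorted(a.keys() - b.keys()),
            "persistent": sorted(a.keys() & b.keys())}

def submission_list(report):
    """(engine, label) pairs to quote in false-positive reports to each vendor."""
    return sorted(flagged(report).items())

if __name__ == "__main__":
    print("day 1:", ratio(DAY1), "day 2:", ratio(DAY2))
    print(diff_detections(DAY1, DAY2))
    for engine, label in submission_list(DAY2):
        print(f"submit to {engine}: detected as {label!r}")
```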
