Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Fri Apr 27, 2012 3:06 pm
by speedyorange
They just say 'Reason: Viruses, spyware or other malware were detected in the submitted file.'

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Fri Apr 27, 2012 3:09 pm
by Enigma
I fully understand you and I will support you as much as necessary until the issue is resolved.
Meanwhile, I will control the situation on virustotal and take the necessary actions if any false detection appears.

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Fri Apr 27, 2012 3:27 pm
by Enigma
Does the CNET support team respond fast enough? I see they have forums; maybe I could ask them there how to solve such an issue?

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Fri Apr 27, 2012 4:29 pm
by speedyorange
CNET support is slow, I sent the request yesterday. I'll check out the forums.

I just did a new virustotal and I'm up to 3/42.

Maybe I could make a new copy of my program, change some things I don't really need, and turn off parts of your program that might be adding to my problem.

Things I can change that might be causing a problem:

*urldownloadtofile - rarely used, I only use it if hacker condition detected to send a message to me, apparently all kinds of Trojans and other stuff use it.

*I do a 'process kill' of my own program in a 'fancy' way if hacker detected, apparently viruses like to kill other programs so scanners might look for this heuristic.

*apparently just having some strings like 'google.com' or 'bing.com' and some other ones in your program can be a problem because viruses might try to redirect those to a different search engine. Hiloti is related to Kaz and it does that.

I believe that my problem is somehow related to the fact that my program is a system wide program and file launcher, that it uses the keyboard hook so the user can bring it up at any time, and that the 'autosearch' feature of my program will grab the text you have selected in your current window so it can automatically run a web site search on it. These are central parts of my program, but unfortunately trojans, key loggers, and bots all like to do that generic stuff for nefarious purposes.

My program is meant to be a system wide utility program and it doesn't just play by itself like most programs do, so I am stretching the limits to start. Unfortunately, modern viruses use exactly the same techniques to hide themselves from virus scanners that Enigma uses to protect source code from hackers.

Seems like my stretching the limits combined with your hiding techniques is causing a big problem. Are there some features of your program I might try turning off, especially in the free version of my software?

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Tue May 01, 2012 12:50 pm
by Enigma
Looks like the detections have decreased to 2 false detections again; there are only AntiVir and eSafe.

I sent a sample to AntiVir about 3 times, it seems, but they still have not replied. Did you try submitting to them yourself too?

Regarding eSafe, I have a contact for one person at this company and will try to ask him for help directly. As far as I saw, there is no form or contact for sending them a false detection sample, so let's try another way.

Regarding CNET, is there any news? I just have an idea that maybe they use some famous antivirus for file scanning, but they do not update its database so often? I.e. their report may still be based on an old false detection?

I understand that your application may be a little riskier (uses risky features) than a usual program, but this does not mean you should get antivirus false detections. 2 false detections is really very low; I doubt you can get such a result with any other software protection system. Manipulating the protection options is not a good choice either. Keep everything as is. It would be better if you focused on promoting your software, to make it more popular. If your software is popular enough, antiviruses resolve false detections themselves, without the need to send them a sample.

I will also try to find a direct contact for somebody at AntiVir...

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Wed May 02, 2012 2:05 pm
by Enigma
Just got a reply from Symantec, they confirmed the false detection is solved from their side.

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Wed May 02, 2012 2:28 pm
by speedyorange
My submission to AntiVir is listed as 'pending' even though it has been almost a week:

http://analysis.avira.com/samples/detai ... vvL2T2R1sj

I don't know what difference me submitting it will do, no information from me proving me as the owner of it was required.

CNET did not reply to my email asking for detailed information about my false positive. I assume they didn't like the question, it is considered confidential information.

It's not an Enigma problem, it's an AutoHotkey plus packer problem. Any packer/compressor used with AutoHotkey can cause false positives. A one line program can cause false positives when a packer is used!

I tried compiling my program and digitally signed it without using Enigma. I then submitted it to virustotal and got zero positives! Because of this, I have decided to not use Enigma for the free version of my program. It will just use the protections that I have implemented in the program myself.

If I cannot get my program on CNET and other sites like it, making it popular would seem to be more arduous.

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Wed May 02, 2012 3:16 pm
by Enigma
Same for me, Antivir status still says "pending".

To finalize the thread I want to say that 2 false detections out of up to 43 antivirus scanners is just nothing. Any program, even an unpacked one, may have more detections.

For now, we hope that the taggant system will help us to resolve the problem. We also hope it will be released soon.

Regarding CNET, you may add your program to it without protection, but after some time add protection and renew the version. I can only guess what antiviruses they use to check for malware inside programs.
Maybe they do not update their antivirus databases. Maybe they banned you after the first submission of the false detection sample. Maybe they store the control sum of the uploaded file and generate a false detection based on this stored control sum.

But I'm sure that all the submissions we made will help you not to have such problems in the future, because we proved your digital signature.

If you have a freeware version and another, commercial one, then try to use protection with the commercial one only.

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Wed May 02, 2012 4:05 pm
by speedyorange
You're probably right about CNET storing the control sum and then just using the previous report.

I tried changing my program slightly and then recompiling and protecting with Enigma. I then tested with virustotal and got 5 positives. I assume that since it had a new control sum and some antivirus databases feed into other antivirus databases, it would have ballooned even higher after a little while.

Re: DOWNLOAD.CNET.COM virus scan positive!

Posted: Fri May 04, 2012 7:34 am
by Enigma
AntiVir finally reported that the false detection had been solved. After 2 weeks...