mkaring / ConfuserEx

An open-source, free protector for .NET applications
https://mkaring.github.io/ConfuserEx/
MIT License

Norton & Windows Defender detect the generated exe as infected by Heur.AdvML.B virus. #538

Open coralexa opened 1 year ago

coralexa commented 1 year ago

Hi, I'm generating a Windows application that must be deployed in Production. Once I try to obfuscate with ConfuserEx, the executable is quarantined by Norton as a high-risk threat.

These are my steps:

OS: Windows Server 2022 Standard. Microsoft Visual Studio Enterprise 2019 Version 16.11.26

Downloaded the version "1.7.0-alpha.{height}". Cleaned and recompiled the solution, Configuration: Release Any CPU.

My C# project targets the Frame Network 4.6.2. Recompiled, Configuration: Release Any CPU.

Started from an elevated Command: ...ConfuserEx\bin\Release\net462\ConfuserEx.exe

Loaded the project P123.crproj and hit the Protect button.

The second the confused exe is generated, Norton pops up signaling the threat.

Notes:

  1. The confused executable is properly generated if I disable Norton. And it works the same way as the original exe.
  2. I've exposed the confused file to VirusTotal, https://www.virustotal.com/. Their findings are also included.

Thank you kindly for any ideas!

mkaring commented 1 year ago

Some of the protections cause issues like this. The reason is that actual malware developers use ConfuserEx every now and then. The following issue contains extensive information on which protections may cause false positives: https://github.com/mkaring/ConfuserEx/issues/64#issuecomment-515240311