by iconic » Tue Jun 11, 2019 6:26 am
I'm not Madshi, but certainly qualified to answer your inquiry adequately.
You can do the following:
[1] Contact the vendor(s) of the anti-virus software that is labeling your benign code as malicious (a false positive) and ask them to remove the detection. They may have to independently review your submission (detected files) before they just take your word for it. You may also mention that these false positives are negatively impacting the sales of your safe and helpful software designed to do something similar to what their software is doing, protecting the host. Keep in mind that no software can ultimately determine whether your code hook keeps the bad guys out or lets the bad guys into a system, and this inability to differentiate/distinguish between code intentions will always exist, so this comes with the territory. Hooking and injection are often used by both Anti-Virus and by the malicious software that they are looking to detect.
[2] Sign your binary modules (EXE, DLL, SYS files, etc.). This essentially creates a trust-based relationship between you and most anti-virus software and will solve 99% of these "false positives".
--Iconic