VMProtect Software » Forum

I'm looking for opinions on using VMProtect for protecting commercial applications. My main concern is that some anti-virus scanners may flag the protected files as bad.

I scanned NOTEPAD.EXE protected with Demo version of VMProtect with virus total and number of anti-virus scanners reported the suspicious packer or even viruses. Did anyone experienced similar problems when using commercial version of VMProtect?

Is VMProtect used for protecting commercial products? Could you point me to some?

I'm curious if any of these products were flagged as bad by anti-virus scanners.


Regards,

Earl Edwards

I scanned NOTEPAD.EXE protected with Demo version of VMProtect with virus total and number of anti-virus scanners reported the suspicious packer or even viruses.

Demo version have many differences that registered version.
This AV report of NOTEPAD.EXE which protected by registered version:
http://www.virustotal.com/analisis/81c9 ... 83eec7d8c0

Is VMProtect used for protecting commercial products? Could you point me to some?

Daemon Tools
DeviceLock
CommView
and many many other products...

P.S. I have many talks with AV companies - they do not want to do your job well, because they have not technologies which can detect virus code in programm after protection by VMProtect.

I've the same concern. I would purchase immediately if no major AV software would report a virus on a protected file.

I've tested many protectors (and we have written also our own), but all are at war with AV software. This means you loose more money because of this than because of people using cracked versions.

I've downloaded Commview, used Virustotal on it. F-Prot, Panda and Sophos are reporting a problem. I think they all have at least 1 million users. This would result in major problems.

Now exist many AV products but I trust only ONE - KAV (Kaspersky AntiVirus), because it`s really best product )

P.S. If you have problems with antiviruses - to send them the letter with false alarm report and they to include your product in the white list.

I strongly disagree that Kasperky is a good product.

Kaspersky has 99% detection of old viruses.

When it comes to heuristics, rootkits and performance it plainly sucks.

see e.g. c't magazine 1/2008. 6 new rootkits: f-secure could remove 6, nod 32 5, kasperky only 2 (but detected all 6 and was disabled by 4 of them).

performance wise nod32 is 3 times faster.

heuristics detection - kasperky 24%, nod32 68%.

all in all 17 av programs have been tested and none has got a full recommendation, but Kaspersky was average at best.

But this is all off topic. The real problem is false alarms. If at least one of the 10 major AV programs would report our software as suspicious we would loose both money and reputation.

The real problem is false alarms. If at least one of the 10 major AV programs would report our software as suspicious we would loose both money and reputation.

This problems can solve with AV companies (I wrote about this in my last message).

I don't think that companies would like to reveal their protection system names for security and privacy reasons.

By the way there are some solutions for your question (Antivirus false alarms)

1 ) Use PE scramblers to change your executable structures so that no one can detect VMp on them

2 ) Use PE rebuilders like "Lord PE" or .... and rebuild your VMp protected executable.

3 ) Double pack your VMp protected executable with normal packers or compressors like UPX , ASPack or ....


I've used #3 together with #1 and I've got no problems with Antiviruses

lava wrote:I don't think that companies would like to reveal their protection system names for security and privacy reasons.

By the way there are some solutions for your question (Antivirus false alarms)

1 ) Use PE scramblers to change your executable structures so that no one can detect VMp on them

2 ) Use PE rebuilders like "Lord PE" or .... and rebuild your VMp protected executable.

3 ) Double pack your VMp protected executable with normal packers or compressors like UPX , ASPack or ....


I've used #3 together with #1 and I've got no problems with Antiviruses

Can you please let us know what software you used to "PE scrambler"?
Also can you let us know the packers you used after that?

Thanks!

I am happy with VMProtect,
because I submit the file protected by VMP to virscan.org and all major anti-virus engines are happy.