Btw: iirc, Comodo would consider your application a false positive too. Many rootkits use the VirtualAllocEx / WriteProcessMemory to inject themselves in other processes, see page 8 in this PDF http://islab.oregonstate.e
I'm not gonna defend BitDefender, I don't even use it, but I can understand where it's coming from when it blocks your app. Consider putting yourself on a safelist during installation of your program, or warn for this behavior when you detect presence of BitDefender.

by: abel, posted on 2009-06-18 at 03:43:25, ID: 24656105
WriteProcessMemory is considered an exploit by some scanners, because it can potentially write into other processes' memory (actually: that's precisely what it does). It is very common that non-standard behaving applications are considered harmful if they act the same as viruses.
If your application needs to do this for whatever reason, it is fair that you warn your users. You have to anyway, because they need administrator rights to run your application, I believe (the PROCESS_VM_WRITE and PROCESS_VM_OPERATION access rights); otherwise WriteProcessMemory will fail.
Other than that, you can send your application to BitDefender for analysis. I've had so many tools on my system that are considered viruses; as a developer I often need to poke around, and many such tools, even my own, are often considered harmful by eager antivirus scanners.
-- Abel --
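
Added example, not part of the posts above and not any vendor's actual logic: a minimal behavioral rule of the kind the answers describe, showing why a legitimate program that calls VirtualAllocEx / WriteProcessMemory on another process is flagged and how a safelist entry suppresses it. The event format, field names and image names are constructed for illustration.

```python
from collections import defaultdict

# Constructed API-call trace (not real telemetry). Each event records the
# calling process, the API used, the target process and the memory range.
TRACE = [
    {"pid": 100, "image": "updater.exe", "api": "VirtualAllocEx",
     "target": 200, "addr": 0x10000, "size": 0x1000},
    {"pid": 100, "image": "updater.exe", "api": "WriteProcessMemory",
     "target": 200, "addr": 0x10040, "size": 0x200},
    # Same APIs used on the caller's own process: not cross-process.
    {"pid": 300, "image": "editor.exe", "api": "VirtualAllocEx",
     "target": 300, "addr": 0x20000, "size": 0x1000},
    {"pid": 300, "image": "editor.exe", "api": "WriteProcessMemory",
     "target": 300, "addr": 0x20000, "size": 0x100},
    # Cross-process write with no preceding remote allocation by the caller.
    {"pid": 400, "image": "debugtool.exe", "api": "WriteProcessMemory",
     "target": 200, "addr": 0x50000, "size": 0x10},
]


def flag_remote_writes(trace, safelist=()):
    """Return (rule, image, caller_pid, target_pid) for cross-process writes.

    'alloc+write'  : the caller wrote into a region it allocated remotely.
    'remote-write' : any other write into a different process.
    Images named in `safelist` are skipped, as a user-approved exclusion would be.
    """
    regions = defaultdict(list)  # (caller pid, target pid) -> [(start, end)]
    alerts = []
    for ev in trace:
        if ev["target"] == ev["pid"] or ev["image"] in safelist:
            continue  # self-modification or explicitly trusted program
        key = (ev["pid"], ev["target"])
        start, end = ev["addr"], ev["addr"] + ev["size"]
        if ev["api"] == "VirtualAllocEx":
            regions[key].append((start, end))
        elif ev["api"] == "WriteProcessMemory":
            inside = any(s <= start and end <= e for s, e in regions[key])
            rule = "alloc+write" if inside else "remote-write"
            alerts.append((rule, ev["image"], ev["pid"], ev["target"]))
    return alerts


if __name__ == "__main__":
    for alert in flag_remote_writes(TRACE):
        print(alert)
```

The rule sees only the call pattern, not intent, which is why the same alert fires for a benign tool and for injected code.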