Knowledge Base

Troubleshooting Problems with Anti Virus Tools

The nature of obfuscation and encryption inherently makes it more difficult for the underlying code to be read and modified. This applies to hackers or casual observers, as well as software scanners. Anti-virus services read executable files and check them against a known database of signatures.

When an anti-virus service loads a protected assembly that it cannot analyze it may raise the following error

The type initializer for '<Module>' threw an exception.

Cause

When an executable is loaded into memory, the anti-virus service may scan the executable before allowing it to run. Most major publishers have finely tuned this process to have a minimal impact on the loaded executable. XHEO works with all major anti-virus publishers to minimize any false-positives.

Some anti-virus services use a heuristic system to detect new viruses that they don't have signatures for. Most implement their heuristics by attaching to the loading process as a debugger and stepping through the unrecognized code looking for virus like behavior. 

Assemblies that have been veiled with code encryption (MSIL encryption) enabled include anti-hacking features that change the load behavior when they detect they are being hacked. The debug stepping by virus scanners can be detected as a hacking attempt resulting in the load failure listed above.

Solution

DeployLX Licensing

The error is raised only with the encrypted versions of the licensing runtime. DeployLX includes an unencrypted version of the runtime located at [Program Files]\DeployLX\[Version]\Redistributable\.NET 2.0\Any CPU.

Simply overwrite the existing licensing runtime with the Any CPU version. 

DeployLX CodeVeil

The problem occurs only with the use of code encryption.

To disable code encryption
  • Open your project in DeployLX
  • Select Project Options from the CodeVeil tab if the Ribbon
  • Select the Encryption Options tab
  • Uncheck Enable Code Encryption

Anti-Virus Services

There are two primary solutions for most anti-virus scanners.

  1. If the software offers a "white list" to identify safe programs, add the veiled executable to this list. 
  2. Disable heuristic analysis.

Consult the virus scanner documentation for instructions.

Kaspersky

Kaspersky however, significantly modifies the loading process which can interfere with assemblies that manage their own loading. Kaspersky has ignored our repeated attempts to contact them as well as customer attempts to contact them complaining about interference with veiled assemblies. 

Disclaimer. This workaround contains user contributed content and is not supported by XHEO.
To disable heuristic anlaysis for encrypted assemblies:
  • Open KAV Settings
  • Select the Service node
  • Select Compatibility mode for programs using self-protection

Related Articles

Published : Feb 11, 2009
Updated : Mar 02, 2010
Views : 561

Applies To

DeployLX 3.x
DeployLX 4.x

Creative Commons LicenseDownloads

Tags

Folder

DeployLX DeployLX

View the discussion thread without JavaScript.


XHEO Inc
Copyright © 2002-2010 XHEO INC