How can I avoid Windows Defender false positives with C# software?

Question  Votes: 0  Answers: 1

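I am developing software in C# that includes packet capture functionality. On Windows, the software must be configured as an exception in Windows Firewall in order to analyze incoming packets.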

I tried two ways of setting the software as a firewall exception. Both methods work well.

The first method is to use INetFwPolicy2.

// Requires a COM reference to NetFwTypeLib (using NetFwTypeLib;)
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
inboundRule.Profiles = 2 | 4; // 2 = private profile, 4 = public profile
inboundRule.Name = "MyApp";
// Scope the rule to this executable
inboundRule.ApplicationName = System.Reflection.Assembly.GetExecutingAssembly().Location;
// Now add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);

The other option is to ship a batch file with the software and have users run the batch file before using the software for the first time.

@echo off
netsh advfirewall firewall delete rule name="MyApp"
netsh advfirewall firewall add rule name="MyApp" dir=in action=allow program="%~dp0MyApp.exe" enable=yes

However, both methods can cause Windows Defender to mistake the exe or the batch file for malware. When a Windows Defender false positive occurs, we ask Microsoft to modify the definition file.

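However, this approach requires Microsoft to modify the definition file every time the software is updated. Also, even if a modification to the Windows Defender definition file stops the false positive once, the false positive may occur again.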

Please give me some ideas on how to prevent my software from being blocked by Windows Defender.

c# .net network-programming firewall packet-capture
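The batch file in the question deletes any existing "MyApp" rule before adding one, while the COM snippet adds another rule with the same name every time it runs. The following is an added example, not the asker's code: it adds the inbound rule only when an equivalent one is not already present. The class and method names are hypothetical, the numeric constants are the values of the Windows Firewall COM enums, and the process is assumed to run elevated on Windows.

```csharp
using System;

static class FirewallRule
{
    // Numeric values of NET_FW_RULE_DIRECTION, NET_FW_ACTION and NET_FW_PROFILE_TYPE2.
    const int DirIn = 1, ActionAllow = 1, ProfilePrivate = 2, ProfilePublic = 4;

    // Ensure (hypothetical helper): adds the rule only when no enabled inbound
    // allow rule with this name already points at exePath.
    // Returns true if a rule was added, false if one was already there.
    public static bool Ensure(string name, string exePath)
    {
        // Late-bound COM access, so no NetFwTypeLib interop reference is needed.
        dynamic policy = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));

        foreach (dynamic r in policy.Rules)
        {
            bool same =
                string.Equals((string)r.Name, name, StringComparison.OrdinalIgnoreCase)
                && string.Equals((string)r.ApplicationName, exePath, StringComparison.OrdinalIgnoreCase)
                && (int)r.Direction == DirIn
                && (int)r.Action == ActionAllow
                && (bool)r.Enabled;
            if (same) return false; // already present: do not stack a duplicate
        }

        // Same settings as the batch file: dir=in action=allow program=<exe> enable=yes
        dynamic rule = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
        rule.Name = name;
        rule.ApplicationName = exePath;
        rule.Direction = DirIn;
        rule.Action = ActionAllow;
        rule.Profiles = ProfilePrivate | ProfilePublic;
        rule.Enabled = true;
        policy.Rules.Add(rule);
        return true;
    }

    static void Main()
    {
        string exe = System.Reflection.Assembly.GetExecutingAssembly().Location;
        Console.WriteLine(Ensure("MyApp", exe) ? "rule added" : "rule already present");
    }
}
```

Rules with the same name that point at an older install path are left in place by this sketch; it only avoids adding an identical rule twice.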
1 Answer
0
votes

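Antivirus software detects whether software poses a threat based on heuristic patterns. This means that if your code is structured like a virus, or the program behaves like a virus (for example, opening processes), the antivirus software may flag it as a virus. If you want to distribute your application and do not want it flagged as a virus, you need to contact the antivirus vendors so that they do not flag your application, or purchase a license, or deal with antivirus detection measures. Another cheap and easy way is to force the application to launch as administrator. One way to do this is to use an 'Application Manifest' file in the application.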

[Screenshots: App manifest addition steps 1, 2 and 3]

Uncomment this field in your application manifest file:

<requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

The resulting 'Application Manifest' file should look like this:

<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
             If you want to change the Windows User Account Control level replace the 
             requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

            Specifying requestedExecutionLevel element will disable file and registry virtualization. 
            Remove this element if your application requires this virtualization for backwards
            compatibility.
        -->
        <requestedExecutionLevel level="highestAvailable" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>

  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- A list of the Windows versions that this application has been tested on
           and is designed to work with. Uncomment the appropriate elements
           and Windows will automatically select the most compatible environment. -->

      <!-- Windows Vista -->
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->

      <!-- Windows 7 -->
      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->

      <!-- Windows 8 -->
      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->

      <!-- Windows 8.1 -->
      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->

      <!-- Windows 10 -->
      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->

    </application>
  </compatibility>

  <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
       DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need 
       to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should 
       also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. 
       
       Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
  <!--
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
      <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
    </windowsSettings>
  </application>
  -->

  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
  <!--
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>
  -->

</assembly>
