Question : WriteProcessMemory and false positive detection by BitDefender

I'm working on a project which is written in C++; it uses WriteProcessMemory to allocate and access memory of a different process. The final compiled exe file is detected as a virus by my BitDefender Total Security 2009; this is obviously a false positive detection. I checked my code and when I comment out the line which calls WriteProcessMemory, my antivirus does not detect it as a virus.

Is there a problem with using WriteProcessMemory?
How can I solve my problem?
As this project is going to be distributed, I cannot ask end users to add an exception for this file.

I tested my app with some other antivirus software as well and did not find any problem regarding the use of WriteProcessMemory.

Just to mention, BitDefender says my file behaves like Win32.ExplorerHijack (even before executing the file) and deletes it.

Answer : WriteProcessMemory and false positive detection by BitDefender

WriteProcessMemory is considered an exploit by some scanners, because it can potentially write in other processes' memory (actually: that's precisely what it does). It is very common that non-standard behaving applications are considered harmful if they act the same as viruses.

If your application needs to do this for whatever reason, it is fair that you warn your users. You have to anyway, because they need administrator rights to run your application, I believe (the PROCESS_VM_WRITE and PROCESS_VM_OPERATION access rights); otherwise WriteProcessMemory will fail.

Other than that, you can send your application to BitDefender for analysis. I've had so many tools on my system that are considered viruses; as a developer I often need to poke around, and many such tools, even my own, are often considered harmful by eager antivirus scanners.

-- Abel --