Hello mkaring, Hello fellow ConfuserEx fans,
I am trying to obfuscate my WPF/C# desktop application as much as possible using mkaring's ConfuserEx, but without triggering anti-virus false positives when I release my beta version in a couple of months.
1. What advice can you give someone like me, who is trying to find a "good balance" between the strongest possible obfuscation and not triggering anti-virus false positives?
2. What protections should I turn off in my .crproj file to accomplish this?
So far I have turned off the following:
Protection 1 I turned off: "anti tamper". Reason: because lots of people (including mkaring) in lots of issues across all 3 ConfuserEx branches have mentioned that "anti tamper" is the worst for anti-virus triggering.
Protections 2 and 3 I turned off: "anti dump" and "invalid metadata". Reason: Because without turning off these 2 protections as well, my exe is unverifiable via PEVerify, which I run using the following command at the Visual Studio 2019 command prompt:
peverify "<File Path to My Obfuscated Exe>"
I've seen some ConfuserEx issues where people suggest making sure that one's obfuscated executable is verifiable, so to accomplish this I had to turn off all 3 protections mentioned above, and avoid any "<argument>" name-value pairs that the ConfuserEx documentation mentions "produce unverifiable modules".
3. Do you think that my choices of turning off the three protections mentioned above ("anti tamper", "anti dump", "invalid metadata") were good ones, or would you recommend turning off a different set of protections?
I hate to turn off "anti tamper" because I love how it removes the code from my methods (!!!) (sorry nosy competitors!) without breaking my application and maybe would stop hackers from being able to remove the licensing code (which I am sure is easy to find somehow), and I hate to turn off "anti dump" and "invalid metadata", because I want the most protection possible.
4. Should I turn off ConfuserEx features that make each build a little different than the last, so that anti-virus companies don't think that each new version is a completely different piece of software with potential for new threats?
Some examples of this include:
- renaming changes the names every time
- I use "resources" protection, which I think I read in another issue somewhere might produce different results each time, but I am not sure.
Thank you so much!
glasgowrob