I am a software developer working on a SaaS product with another developer. We use an updater module that automatically updates the software from the server whenever there are changes. We also use an obfuscator to protect our code from reverse engineering. Recently, after a minor update, my Windows Defender alerted me of two trojan malware files in the software. I scanned my computer with Malwarebytes and found 47 malware files, which I quarantined. I contacted the other developer and he said it was a false positive caused by the obfuscator and the updater. He said his antivirus did not detect anything. I checked the files on VirusTotal and some of them were flagged as malicious by different antivirus companies. I am not sure why this happened and how to fix it. I am worried that this will affect our ability to monetize and distribute our software, as well as our reputation and security. I need some expert advice on how to resolve this issue and prevent it from happening again.

How can I resolve the false positive detection of trojan malware in my SaaS product?
Gad Harr Changed status to publish March 1, 2024