Programmers Question: Nod32 thread my code as virus

Why does the use of the functions

WriteProcessMemory
CreateRemoteThread

trigger "Probably unknown NewHeur_PE virus"?

I am a programmer and use this functions to run my own to the main program attached exe files from memory, without saving them to disk (preventing that user just copy and use them for something else). Since the last nod32 update, I cant compile my projects any longer, if they use this 2 functions in the code.
Thats not a virus, I am not writing a virus.

I think, nod32 believe based on this 2 functions that something weird is going on and block it.

What can I do about it? I currently do not know another way of running an exe from memory without processing "by hand" what the exe loader of windows does.

 

Hello,

please submit the program to support @ eset.com with a link to this thread provided its size is less than 3 MB. If you've created more versions of it, attach at least 2 or 3 of them.

 

I can not submit it, because I can not compile it, cant create the exe. I could only post here the 2 lines of code which triggers nod32.

 

Disable AMON, compile it and then submit it for analysis.

 

There is nothing to analyse. I figured just out that if you use BOTH functions in one program, it triggers nod32. If you use one of them only, nothing happen.
Mean, amon check for the existance of WriteProcessMemory and CreateRemoteThread. If both are found, it is triggered. I also know that this functions can be used to inject something in other executables or dll's and believe thats the reason why they are blocked. So there is nothing to analyze and I can not do anything about it, because I can barely tell my clients "Please switch your amon off if you want to use my program". Solution: Finding other ways to prevent unauthorized use of in my main program embedded tools.
Just close/delete this topic. Thanks.

 

If you can submit them for analysis ESET could mark them for no detection because of FP after analysis.

As Marcos said, 2 or 3 at least would be better if you have different versions compiled.

Cheers

 

Problem here would be that I compile almost 100 versions a day, until the project is complete in a month or so and I CAN NOT submit everytime I compile it. However, there is not way around it. Its correct that nod will make alarm, because this 2 functions can be also used to inject any exe into a running process, which is not a good idea and should be blocked by nod, so I just find other ways around it to protect my tools.
Maybe this topic should be closed or deleted, it will not lead to a solution.

 

Done