Dude, you don't know what you're talking about, do you? Sorry, NOOO, you definitely don't. If so, you will NEED to combine broad technical skills with specific SECURITY KNOWLEDGE along with various SOFT skills like I do!!!!
Sorry, but saying "You don't know what you're talking about" doesn't make any of what you said any more right. It sounds as pretentious as "you don't know who I am"...
Though YOUR PRODUCT is using this encryption and obfuscation via packers in an attempt to protect the executable code from malware, there's simply NO WAY that the behavioral and other security product detection modules can know this, so it will of course be treated exactly like any unknown, POTENTIALLY MALICIOUS PIECE OF SOFTWARE.
And here you are now contradicting yourself because, first you said "antivirus whitelists know packers", now you are saying we shouldn't use them in the first place, when I said this approach wouldn't obviously work, because they would theoretically have to verify the specific license of the packer, in order not to blacklist its userbase, which in fact is precisely what's happening, which is wrong.
Are you now trying to say JUST using a packer is by itself a "questionable practice"? Name me ONE product that has in some way any relationship with verification of licenses that is not packed/obfuscated in some way.
It would be irresponsible if it didn't because, for example, someone hacking it might modify the software to, for example, steal the activation key and use that to obtain the user data, for example. Obfuscation and protection against tampering is not "just" to protect from piracy, but also to protect users from hackers that would modify that software.
And this is the point
The point was the Software Taggant IEEE standard was precisely to allow software to use packers to defend *itself* against malware, without IT being recognized as such. Are you trying to say all those security experts and antivirus vendors who discussed it "didn't know what they are talking about"?
If you think logically about this situation, you quickly realize that it's not possible for Microsoft or whatever Antivirus Software to scale the operation of a whitelist for the large numbers of individual software applications that are created in order to remain vigilant against the much larger numbers of individual malware now created daily. The automation of this malware creation and packaging means that such a whitelist would quickly become unmanageable no matter how efficient the system operating it might seem initially.
It's not true they cannot maintain a per-executable whitelist, because they obviously do since, when we DO report a false positive for a specific executable, they DO add its hash to the white-list so no, the list CAN be maintained.
But you are just making my point here, because making a false positive report to everybody is too much for us instead, because while antivirus vendors hire support people just to keep up with false positives, we surely cannot afford that.
And again, that was the point of using digital signatures, software taggant and packers whitelists. Which some (NOT ALL!) antivirus vendors seem to trust less than THEIR QUESTIONABLE HEURISTIC.
Topic is locked, since it's completely useless to discuss antivirus theory, just because for some reason the Live Updater didn't start from the shortcut, but did when started manually, which I only guessed it was something related to the antivirus, since I'm fairly sure you surely know there mustn't be ANY difference (the shortcut points to the same .exe), in normal operation and, usually, when something inexplicable with the standard OS behavior happens, the antivirus are usually involved, since they run with way higher access level than most of the user programs.