Hitman Pro question to clear false positive

Hi there,

One of my customers use Hitman Pro antivirus and it’s returning a false positive. I contact Hitman Pro to clear the false positive and they are asking me the following question:

“Our team has analyzed your application and they are seeing some particularly strange behavior.
Is there any particular reason to start the mapped PE file on the heap via an APC instead of calling it directly or via an own created thread?”

Can you please advise?


XLS Padlock uses virtualization to pack all of its internal components into one single EXE file, especially for Universal format. That’s probably why they see that behavior. Which version of XLS Padlock are you using? And

I am using the latest 2018.2 version, and the EXE file is Universal format.
I have just replied to Hitman Pro, will let you know if they have any other question.