Virus detection has many different ways. It could look for some virus signature you just can hit by chance with either compression or encryption. Then your chances are just a slight modification gets you out of that suspicion.
It could be the policy of data execution prevention. Any mechanism that decrypts into memory and executes that memory would fail and might be suspected to be a virus, If defox does that, defox is dead unless users whitelist that EXE somehow, perhaps.
So I'd first try with any other earlier version or simple modification, if the problem is just that specific exe or the defox mechanism is suspected as virus for how it generally works. Even when defox creates a decrypted exe version in temp or any directory that would alarm AV heuristics suspecting an EXE creating another EXE is a virus.
A signed executable would higher trust, and the other, though not the fastest solution is to let the AV software company analyze your exe and have it white listed or specialize its detection to make a distinction between your EXE and an EXE having embedded the virus it detects. You can't expect that to be part of next days AV virus definition data or detection heuristic, though.
The fastest solution is to let the user exclude exactly this EXE in its version from virus detection, AV software usually can exclude specified directories or single files. And when users trust you, that shouldn't be asked too much and it doesn't effect virus defense and detection of any other files.
One thing to do to guarantee your EXE won't be used as a trojan horse with a virus changing or extending it would be to let it check itself by a signature to see it's in the original state. Are you familiar with cryptographic ideas and concepts? A signature based on a key pair would prevent fiddling with the EXE even if knowing the signature algorithm used and recomputing the signature of a virus modified exe, because you can check the signature with the public key of the pair that can be provided with the EXE, but a new signature needs to be created with the private key you keep for yourself, so there is no chance to modify the exe and change its signature to pass your check.
Which in short means, trust to you and that signature security check gives an OK to excluding that EXE from AV detection without it becoming a weak point.
Chriss