DrDESidran
-
Posts
20 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by DrDESidran
-
-
Using Visual Studio 2019. Writing in WPF .NET Core 3.1. I can't embed a PNG image without triggering a false "Machine Learning Anomalous 100%"? Seriously?
-
I assume that your 'machine learning' isn't machine learning by any sense of the word and that it's just a set of stupid rules. One of which is anything with a BMP extension automatically gets flagged. Oh, but what about PNGs? Couldn't malicious code be in there, too? Of course it could. Now I suppose you'll add another stupid rule that anything that ends in PNG must also get flagged. But, let's not stop there! Let's flag all resources because, technically, any of them could be used to hide malicious code.
It's badly written code like this that gives machine learning and AI a bad name. You really screwed the pooch on this. Please forward this to your so-called 'devs'. And, again, this old CS prof that taught machine learning at Research 1 university gives them all a big fat F for turning in a non-working program.
-
-
You are completely missing the point: simply adding a BMP as a resource to a program is causing your POS 'machine learning algorithm' to flag it as a virus. This is so stupid that whoever is responsible for writing this terrible code should be fired and flogged immediately. There is absolutely no reason why adding a BMP as a resource to a Windows program in Visual Studio should cause any false positives.
Simply sending you an EXE and having you register it as a 'safe program' is not a solution. It's not even a work around. It's terrible customer support and terrible business and terrible coding.
I am truly disgusted by your response. Malwarebytes used to be a good product. It sucks now.
-
Should I just tell all of my clients to set exclusion rules so they can run my programs? Because Malwarebytes is flagging the executable on other machines now. You seriously need to solve this problem NOW. I repeat, I did my doctoral research in Machine Learning and whatever you think you're doing is completely screwed up! Simply attaching a BMP as a resource triggers your brain dead 'Machine Learning' algorithm. This is terrible. As a former CS prof I'm giving you guys a big fat F (as I would to any of my students who turned in a project this messed up).
-
-
Further investigation shows that your Machine Learning is barfing on the inclusion of a BMP as a resource. This is pathetic. Please do something about your terrible Machine Learning algorithm. Seriously? Including a BMP as a resource is enough to trigger? Terrible!
-
I'm a developer. I'm writing in C# WPF and am using Visual Studio 2017. I just added a simple new window to my program and Malwarebytes is now falsely declaring the EXE as 95% anomalous. At first, I thought it was because I had included a BMP resource, but I removed that and it's still being tagged. I've got nothing now except opening up a second window and it's still being tagged. Literally, simply creating a XAML document for another, empty, window is enough to trigger your Machine Learning.
Okay, now I have to say this: My doctorate is in Computer Science. My research area is Machine Learning. And your Machine Learning algorithm really sucks. This is not the first time I have had my development stopped dead in its tracks because of false positives from your Machine Learning algorithm. Seriously. Please just remove it. It's terrible. There's no point in sending you the XAML code because it's literally just opening up another window.
Please do something immediately. Malwarebytes has effectively stopped all development on this project because of your false positive.
-
8 minutes ago, miekiemoes said:
Hi,
We would love to get some additional files from you (the .arw captures)
Can you also zip the folder ARW present in the C:\ProgramData\Malwarebytes\MBAMService folder?
This file (zipped folder) might be too big to attach here, so can you upload it somewhere, so we can collect it easily?
Thanks!
Attached.
-
Just now, miekiemoes said:
Hi,
Yes, I asked someone from our Anti-ransomware team to give some more insight why the trigger happened.
Thanks.
-
1 minute ago, miekiemoes said:
Hi,
I can't tell for sure, but it's possible why this is triggered.
Well, try to confirm that process.start is the culprit and we'll use another call.
-
I did a rebuild of the EXE because Malwarebytes locked the original. But the checksum should be the same.
Could the call process.start to open the Wikia web page https://general-staff-wargaming-system.wikia.com/wiki/General_Staff_Army_Editor cause the False Positive?
-
Zip file of EXE and LOG attached. EXE won't run without lots of other supporting files.
-
I've been using MalwareBytes since the very beginning. But, recently, we're getting plagued by false positives for our own code!
I just did a build of our new game and MalwareBytes tagged it as Ransomeware probably because we use an online Wikia for documentation.
What gives? Is this the case? How can we stop this?
-
3 minutes ago, KenW said:
DrDESidran stop being so dramatic. The issues has been reported my me and others. Give them time to look at the problem.
Dramatic? Really? As a computer science professor I would not only give the author of this heuristic an 'F' I would seriously doubt their ability to be a commercial software developer. You simply cannot release a commercial product that creates false positives like this. Think of the ramifications. Who is the user going to blame? Malwarebytes or my software? The economic consequences of a false positive could be disastrous. If Malwarebytes false positive is responsible for the loss of sales of commercial software are they legally responsible? What if Malwarebytes falsely flags mission critical or life saving software and the user then deleted the wrong program?
In grad school at a Research One university you are required to take computer ethics classes. This is a text book case of a company behaving irresponsibly. Malwarebytes should immediately discontinue incorporating this heuristic.
-
This is really a shame. For years I encouraged my students to use MalwareBytes. The heuristic you're using is badly flawed. This is an example of what my British friends call, "far too clever by half."
-
32 minutes ago, dcollins said:
Not asking for source code, just the compiled executable that is being detected
I would also have to include numerous dependent and proprietary files. I cannot do this.
-
8 minutes ago, dcollins said:
@DrDESidran can you please private message me a copy of your files that are triggering this issue? Thanks
This is commercial software. We cannot and will not send source code.
-
We are experiencing the exact same problem. One of our new programs is being flagged as a false positive, "MachineLearning/Anomalous.95%"
We've done some tests and discovered that even a short program using 7z will trip this false positive, too.
I have been a user of Malwarebytes for many years. But, as a computer scientist, I have to say that your heuristic is badly flawed. I urge you to remove this heuristic immediately until you are able to rewrite it and stop these false positives.
I can't embed an image as a resource?
in File Detections
Posted
Apparently there's no way to edit this.