Getting a false positive to my binary built by visual studio 2019 in 2 locations.
1. When used as a part of IDE (below)
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 09/10/2021
Protection Event Time: 21:06
Log File: 72a4db1e-293c-11ec-ad75-3417eba1c3bd.json
-Software Information-
Version: 4.4.7.134
Components Version: 1.0.1464
Update Package Version: 1.0.45702
Licence: Premium
-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System
-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.95%, D:\dev\framework\Ethereal3\MetalMynds.Ethereal.UI.Winpf\bin\Debug\net5.0-windows10.0.19041.0\MetalMynds.Ethereal.UI.Winpf.dll, Quarantined, 0, 392687, 1.0.45702, , shuriken, , 62EA9947D3F945784A79B852FFC84EF3, 6DD7332BEC29FE8AA76C8C691290AB409B6B992FFB5626BD3F555780A3AF35EB
(end)
2. When executed by IDE.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 09/10/2021
Protection Event Time: 21:25
Log File: 1c8eeba4-293f-11ec-98f8-3417eba1c3bd.json
-Software Information-
Version: 4.4.7.134
Components Version: 1.0.1464
Update Package Version: 1.0.45702
Licence: Premium
-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System
-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.95%, D:\dev\framework\Ethereal3\MetalMynds.Ethereal.UI.Winpf\bin\Debug\net5.0-windows10.0.19041.0\MetalMynds.Ethereal.UI.Winpf.dll, Quarantined, 0, 392687, 1.0.45702, , shuriken, , 62EA9947D3F945784A79B852FFC84EF3, 6DD7332BEC29FE8AA76C8C691290AB409B6B992FFB5626BD3F555780A3AF35EB
(end)
Problem for me:
There is no facility to ignore a specific file and that the file and filename is part of the sdk (above net5.0-windows10.0.19041.0) its not really practical to have both of the items in the allowed list.
Work around
1: Allow List. broken very easily!
2: Disable Malware Detection! it works and want it to continue!
Any suggestions Dave