
false positive affects hundreds of thousands



I am the developer of the best batch file compiler. I was informed by a client that there is a false positive with Malwarebytes Anti-Malware.

 

Attached are a bunch of different compiled batch files.

 

Already signed up for many antivirus WHITELISTS to prevent false positives and would like for you to add these files to your WHITELIST program so they do not become false positives anymore.

 

############

Please delete this topic after fixing the false positive. Thanks!

############

 

I do greatly respect Malwarebytes and it is the only security program that I will pay for.

 

False positives are mainly caused by VIRUSTOTAL.com since it forwards false positive files to over 50 AV companies. Many of these new companies blindly add the detections to their definitions without confirming that they are malicious.

 

To read more about how VirusTotal is destroying many software reputations, google "automated false positives pandasecurity". If you are a software developer and keep having to submit your software to AV companies to fix false positives, you might want to help spread the word and boycott VirusTotal.com.

 

 


  • Staff

None of these files are currently detected. We did address this a while back and added these files to the fp server to prevent further detections. The f folder is still on the server as you have sent the same one the last time you reported.

 

I will add the 2.83p folder for good measure though.


I'm sorry but you have Virus Total all wrong.

 

It is nothing but a service that allows suspicious files to be tested against numerous anti malware vendor scanners/engines.  Participating vendors can get submitted files if they do not have a particular sample.

 

False Positives have nothing to do with Virus Total. The blame falls squarely on each and every vendor to verify and qualify samples and to negate a False Positive that their software may be making. Sometimes a company may inadvertently blanket a particular compiler or compression algorithm and legitimate files are flagged with the malicious. Sometimes game manufacturers will use an odd compression algorithm to obfuscate their code and the games that use it get flagged.

 

A perfect comparative example would be malware written using AutoIt.

 

Please reference: Please read before reporting a false positive

This way you can supply the needed information such that you help Malwarebytes' personnel help you mitigate False Positive declarations.

 

Please do realize that Malwarebytes can only negate False Positives that MBAM detects. You would have to contact each vendor separately and you would have to submit samples of files actually being falsely declared as malicious.

Link to post
Share on other sites

  • Staff

Also to elaborate a little on what Dave said..

 

 

Malware uses your compiler, which makes it very tough to filter out good files from bad files sometimes when writing definitions. Since we have known good samples on the false positive filter server, this should no longer happen from us.

