Question on False Positive

[Phone Man]

I am not using this Beta but have been following this forum for a while.

How are you handling all the False Positives that have been reported. Are they being whitelisted or are you tweaking your product for better detection?

Jim

[1PW]

Hello Phone Man:

Quote

How are you handling all the False Positives that have been reported.

One of the ways is, the Consumer/beta tester may manually enter an executable's pathname in the MBARW Beta GUI/Dashboard's Exclusion list.  Any other responses are best made by the MBARW developer team or Malwarebytes staffers.

Thank you for your interest in the MBARW Beta testing program.

[bdubrow]

Hi Phone Man--

Both.     We use a combination of techniques to ensure the possibility of a false positive is as low as possible.

The first thing we do is look at the file in question to see why our technology triggered on it.  In this way we can look for ways to avoid the same thing happening in the future.

Certain known and verified Windows system files are essentially whitelisted, but the goal with other EXEs is to minimize the chance of detection by continually updating and tweaking our detection algorithm.  We're able to dynamically update this technology without requiring a full new installer release, though new installers also typically include updates to the detection routine to both improve ransomware detections and avoid FPs.

 

[Phone Man]

Thank you Becky,

Looks like you are taking the correct path to perfect this new product.

Looking forward to its release.

Jim