
False Positives - All VB6 programs


kfp

Hello.  Recently all my VB6 programs are getting quarantined after recompiling them.  The older ones that were compiled months or years ago are ok, but as soon as I make a change to one now and recompile it, it gets flagged as MachineLearning/Anomalous and quarantined as soon as I try to run it.  I'm attaching zipped exe's and reports for two of them, but it's really all of them it's happening to.   Any thoughts or ideas welcome.  Thanks. 

fdb.zip

kipsoh.zip

report-fdb.txt

report-kipsoh.txt


Well here's three more.  Hopefully this helps.  I can't do them all.   After further testing I see that not all are treated the same by MWB:

 

Counter-blocked.zip: The old exe from a couple of years ago was blocked without recompiling it today. The one attached here is after I recompiled it again today and it got blocked again.

morsflsh-ok.zip: The old exe from a couple of years ago ran fine and didn't get blocked.

morsflsh-blocked.zip: After re-compiling it today it got blocked.

lights-ok.zip: The old exe from a couple of years ago ran fine and didn't get blocked.

lights-stillok.zip: After recompiling it today this one was still ok and didn't get blocked.

counter.txt

Counter-blocked.zip

lights-ok.zip

lights-stillok.zip

morsflsh.txt

morsflsh-blocked.zip

morsflsh-ok.zip


On 4/17/2018 at 8:55 PM, Atribune said:

Could you send me all of them please.

Thanks for trying to help.  Much appreciated.  They're all still getting detected and quarantined when I try to run them but it's ok.  I added exclusions for the folder they're all located in and I can use them again now.     


Can confirm. 

I'm a hobbyist VB6 programmer and whenever I try to send a compiled executable to my friends, it gets quarantined on their end.

In fact, this is reproducible with a blank VB6 project. If you create a blank project and then immediately compile it without adding any code or content, the resulting EXE will be flagged as Anomalous 96% when unzipping or running.

I've compiled a blank VB6 app and attached it for demonstration.

blank vb6 app.7z
