Jump to content

Send detected Malware (false positives) directly from MB GUI


hexaae
 Share

Recommended Posts

Please, can you add a handy option to send the detected Malware after a scan, for further analysis when you think is a false positive?

It would be much more handy than logging into this forum and send the samples individually...

In this case for example (I'm sure they are false positive) I'd like to send them to you for further checks directly, if there was a button "Send files for further analysis":

image.png

Link to post
Share on other sites

Greetings,

These detections came from the signature-less anomaly detection/machine learning component in Malwarebytes.  As this component is known to have more frequent FPs due to its nature, I would suggest adding such an option just for detections triggered by this component specifically rather than for all detections, this way the FP reports get to the Developers rather than Research (since the Developers are the ones who would most likely need to handle FPs triggered by this components, not Research as would be the case with more traditional FP detections) and to prevent the bad guys from flooding the Research team with fake FP reports on actual malware files (like when Malwarebytes has added detection signatures for the malware they have created and they want to try to convince Research to remove detection for their malware).

I believe it would be safer and more efficient this way.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.