Jump to content

MachineLearning/Anomalous.95%


Agent00C4
 Share

Recommended Posts

The main executable for one of my projects is flagged as malware.
I have source code located at a repo here: https://github.com/misterperson/Dark-Souls-2-Armor-Optimizer
It is a C# GUI that writes values to 4 separate JSON files then captures the output from an executable run from the same directory.

Attached is the scan report as well as the entire contents of the directory the item was detected in.

False_Positive.zip

edit: didn't read full instructions. Scanning again with /developer and will update the log file in the morning

edit2: didn't understand that instructions differ for each version. Above attachment is actually indeed correct ?

Edited by Agent00C4
Link to post
Share on other sites

  • Staff

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

It's also always a good idea to digitally sign the files.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Link to post
Share on other sites

  • 2 years later...

Hi,

The same happened with our totally harmless University scheduling software - on site www.wisetimetable.com, download is: www.wisetimetable.com/Downloads/wttu.exe

This is self-extracting archive and then setup.exe is designated by Malwarebytes as having this MachineLearning/Anomalus95% malware. We even do not know what it is :)

Can you please adjust your algorithm because it is commercial software and we lose business because of such reports... The same goes for www.wisetimetable.com/Downloads/wttu.exe

 

Thank you

Mihovil Santic

Wise Technologies

Link to post
Share on other sites

Porthos, you are right. The Browser guard (SmartScreen from Microsoft) is our first problem, preceding this one I have described - we are solving it with SSL code sign - waiting for it. Can I post our installation (setup.exe) somewhere on your server so you can check it? Maybe you have such service already (to report false positives) but I am not aware of it...

Thanks

Mihovil

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.