Jump to content

Recommended Posts

Malwarebytes in good company (https://www.virustotal.com/#/file/035877bf8ca678541a8142e65e7f4bccd8d903642aac93deedf0276561aa57f1/detection )detects and quarantines a commercial cots component from DataAccess corporation. Product info https://www.dataaccess.com/products/dataflex/features-243

 

Problem statement, The compiled web apps are triggering false positives by MalwareBytes which result in quarantine. The files are believed benign, system is clean room level pristine clean

Latest rev of MalwareBytes and signatures and the vendor product DataFlex2017-19.0.33.4.Studio.exe
www.malwarebytes.com

-Log Details-
Scan Date: 11/20/18
Scan Time: 5:55 PM
Log File: 6b17659c-ed17-11e8-bfd2-d8cb8aefeb7e.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7943
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: DESKTOP-U0ISPN2\backup

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 5
Threats Quarantined: 0
Time Elapsed: 0 min, 11 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943
MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943

Module: 2
MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943
MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

WebApp.7z

Share this post


Link to post
Share on other sites

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Also, in case you want to know more about this type of detection, please see here: 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.