jdoran

False detections

Normally not a bad thing, as I can exclude folders.  But this is causing me grief.

Visual Studio project, added graphics to some buttons, now get detected as "MachineLearning/Anomalous.94%".  Not even close.  Back to school with you MachineLearning.

But...  MalwareBytes is insisting that it wants to reboot my machine.  NO.  I will uninstall if I have to.  YOU DO NOT NEED TO PERFORM A REBOOT TO QUARANTINE AN EXE!
This is a case of MalwareBytes acting more like Malware than doing anything useful.  I can't even restore the files.

Attached is a zip with the offending program.

GRemote.zip


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


What is really pissing me off is that I cannot continue my project development, because the executable is "open".  Builds fail to link.  I cannot delete the exe.
Even after quitting MalwareBytes.

I paid for you to do this to me...


Greetings,

I've asked the forum moderators to move your thread to the false positives area so that a member of Research can review the FP and get it corrected.

In the meantime, if you do reboot, then the file will be deleted due to the Delete on Reboot (DoR) technology that Malwarebytes uses for cleanup of detected items; however, once that occurs, the file will be placed in quarantine and you will then be able to restore the item from quarantine in Malwarebytes.  After that you may exclude the process/folder until the Research team gets the issue corrected in the database.


Thanks.

I ended up "rebooting" anyways, as when I tried to use ProcessExplorer to find out who had the handle open, Windows 10 came crashing down with a missing index.
This was just an exceptionally annoying experience as I am on a deadline.

I have nothing against Delete on Reboot, except that I should be able to cancel the reboot/delete when I feel that a false detection has occurred.  Making me reboot my machine to correct the mistake is a poor design decision.


Yes, I've requested in the past that they offer a 'restore and ignore' function to Quarantine to allow items to be restored and added to exclusions in a single click, and also to provide the option to restore/exclude an item pre-reboot and edit or delete the DoR script accordingly so that the item(s) which were removed by the user do not get deleted on reboot, but it would probably be quite tricky to implement.

Still, I will point them to this thread for reconsideration and hopefully it's an area where we will see some usability improvements in the future.

Thanks for your feedback.

Also, just in the meantime, a tip when dealing with the machine learning component: it doesn't like unsigned files or files with inappropriate version information (like files signed by Microsoft/from Microsoft Corporation etc. when they are not), which can make it tough on independent developers, so the best solution is to generally just exclude your entire working directory for your projects; that way it doesn't flag any of your executables.  I'm sure you've already done this but thought I should write this anyway for anyone else who might come along with a similar issue.

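As an added illustration of the tip in the post above (not part of the thread and not Malwarebytes code), this PowerShell script lists the executables in a build folder that are unsigned or whose version information names Microsoft without a matching valid signature. The folder path and the function name `Test-BuildArtifact` are placeholders chosen for the example, and the checks mirror only the two traits the post mentions, not the engine's actual scoring.

```powershell
# Added example: audit build output for the two traits named in the tip above.
# $BuildDir is a placeholder; point it at your own project's output folder.
param([string]$BuildDir = '.\bin\Release')

function Test-BuildArtifact {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $sig     = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $company = "$($File.VersionInfo.CompanyName)".Trim()

    $findings = @()

    # Trait 1: the file is unsigned, or its signature does not validate.
    if ($sig.Status -ne 'Valid') {
        $findings += "signature status is $($sig.Status)"
    }

    # Trait 2: version info names Microsoft, but no valid Microsoft signature backs it.
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
    if (($company -match 'Microsoft') -and (-not $signedByMicrosoft)) {
        $findings += "CompanyName '$company' is not backed by a Microsoft signature"
    }

    [pscustomobject]@{
        File     = $File.FullName
        Company  = $company
        Signer   = $signer
        Findings = $findings -join '; '
    }
}

# Report only the binaries that show at least one of the two traits.
Get-ChildItem -Path $BuildDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Test-BuildArtifact -File $_ } |
    Where-Object { $_.Findings } |
    Format-List
```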

By the way, you can find more info on the machine learning component and how it flags things (as well as further tips on how to avoid it when building your programs) in this post from the Malwarebytes Director of Research.

