gdiObjects

Perspective tagged as (Malware.Ransom.Agent.Generic)

Hello,

A software product I develop (Perspective for Windows) has suddenly been tagged as Malware.Ransom.Agent.Generic.

I'm attaching the digitally signed installer, the exported report and the log file (C:\ProgramData\Malwarebytes\MBAMService\logs).

 

Additionally, here's a link to the virustotal scan results page:

https://www.virustotal.com/#/file/c89d08c4848f0e0cba194ea6d4a95aa6d6825025a2807d0063f750587dc991c9/detection

Thank you for your help.

 

MBAMSERVICE.LOG PWCInstall.zip False Positive - Perspective.txt


Hi,

Thanks for reporting. Can you verify if this is still detected? I ask because I can't reproduce the detection here anymore.

I remember we have fixed this earlier today already.

Thanks!


What's interesting is that it never detected this until I created an updated build last night. I was editing the help file (while Perspective was running in the background) and all of a sudden I saw the red Malwarebytes box asking for a reboot.

I added it as an exclusion so I could keep developing.

What do you mean by "I remember we have fixed this earlier today already"? This is the first time I've posted here.

I also have another product, "fotoXplorer", which is not yet released but also generates the same false positive because it uses available threads/cores to process (transform) images. Can I upload it even if it hasn't been officially released (the help file is incomplete)?


Hi,

My mistake, it wasn't perspective.exe that we fixed earlier today; I confused it with another program.

Either way, this shouldn't be detected anymore either.


Do I need to do something to Malwarebytes (clear a cache), or simply remove the exclusions and all will be OK? Do you whitelist based on code-signing certificate or product release versions, and do I need to resubmit when there is a new build?

Also, with regard to fotoXplorer: can I submit an unreleased software product? Technically, I can't release it until the false positive is addressed.

Note: it's easier to recreate the problem with fotoXplorer because Malwarebytes' signatureless (behavioral) detection sees it as ransomware because it can operate on multiple photos at the same time (multi-threaded processing).


As for FotoXplorer, before releasing it, yes, please submit it to us (you can post it in a private message to me if you don't want to post it publicly), so we can verify whether it is detected and fix it.

And no, normally you don't need to clear a cache or anything, so you can remove your exclusions.

However, on the other hand, while you are developing, it's still a good idea to create an exclusion for the folder where your files are. Then when you're about to release, you can verify if the new one is getting detected again and submit it to us as well.

Thanks!

 
