Jump to content
Lellson

C# program flagged as malware. False positive

Recommended Posts

Hello,

I wrote a program which creates music sheets from a MIDI file (written in C# with WPF) for a company.

After I sent the first test version to the company I got a reply that Malwarebytes flags the program as malware (MachineLearning\/Anomalous.100%).

This is obviously a false positive and I wanted to ask how to fix this.

I already tried to remove or change some parts of the code but without success.  

It would be really helpful if someone could look at my logs and tell me what I've done wrong (I'll attach them). I sadly can't upload the source code to this public forum, but I could send it to you privately if you need it.

 

Thanks a lot!

Lell

malwarebytes LOG.zip mbst-grab-results.zip

Share this post


Link to post
Share on other sites

We'll need the file in question in order to review.

Share this post


Link to post
Share on other sites

 

18 minutes ago, cli said:

We'll need the file in question in order to review.

Which files do you mean? The source code?

Thanks!

Share this post


Link to post
Share on other sites

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now. Perform the following steps: 

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

Share this post


Link to post
Share on other sites
20 hours ago, thisisu said:

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now. Perform the following steps: 

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

Thanks a lot!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.