Jump to content
SaviorXTanren

MachineLearning/Anomalous False Positive

Recommended Posts

Hi, I have the following side-application that I recently developed along side a product that I maintain. Unfortunately, some of our users have run into issues or been unable to use this due to MalwareBytes detecting it as MachineLearning/Anomalous and quarantining it. Specifically, the executable "MixItUp.AutoHoster.exe" is what is being flagged.

Below you'll find a link to the source code for this application, as well as the compiled version attached. I would request that this be added to the database of known good applications so that our users can use it without issue. Thank you.

https://github.com/SaviorXTanren/mixer-mixitup/tree/master/MixItUp.AutoHoster

MixItUp.AutoHoster.exe.zip

Share this post


Link to post
Share on other sites

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now. Perform the following steps: 

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

F4D803E7290E2FEB59029495E5C1BD8E

Share this post


Link to post
Share on other sites

Hi, you said that it should be fixed now, but we are still having users that are running into this issue. How exactly are you ensuring that it won't be detected? It is based on the executable name? A check-sum?

I've re-uploaded the bits here with what is the latest version, which has been updated since the last post. If it's based off of a check-sum of the executable, then we're going to need a better way to exclude it as updates are deployed for it fairly regularly.

MixItUp.zip

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.