community game project false positive


oroechimaru

This is a custom client built in C# by our community and contains a false positive from the "machine learning" detection of the scan.

I attached the file in question, "razor-dev-preview (1).zip", which is the plugin tool that runs macros for the game client and other game client interactions. I also attached the main project itself (classicuo) for additional future consideration. Thanks a ton for helping our community (UOoutlands.com).

 

https://github.com/andreakarasho/ClassicUO

https://github.com/jaedan/razor

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/12/19
Scan Time: 2:17 AM
Log File: 2c971658-8ce2-11e9-902e-1c6f65901ad8.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11008
License: Premium

-System Information-
OS: Windows 10 (Build 17763.475)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 433014
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 13 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
MachineLearning/Anomalous.100%, C:\USERS\myusername\APPDATA\ROAMING\Microsoft\Windows\Recent\Razor-dev-preview (1).zip.lnk, No Action By User, [0], [392687],1.0.11008
MachineLearning/Anomalous.100%, C:\USERS\myusername\DOWNLOADS\RAZOR-DEV-PREVIEW (1).ZIP, No Action By User, [0], [392687],1.0.11008

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Razor-dev-preview (1).zip ClassicUO-dev-preview-release (5).zip


The method of download I usually do is directly from GitHub. However, in this case I utilized a new PowerShell feature devs assist players with to get the latest alpha builds of the client (both classicuo and razor) via a PowerShell script.

 

a. Shift + right-click your folder > launch PowerShell in this folder.

b. Run the command below to obtain the latest files:

 

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/markdwags/Razor/master/InstallClassicUOAndRazor-NoDefaults.ps1'))

 

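A reviewable form of the install step in the post above, as an added example that is not part of the original post or the project's own script: it saves the installer to disk, records its hash and signature status, and lists the lines that fetch or launch further content before anything runs. The URL is the one from the post; the local file name and the review pattern are assumptions.

```powershell
# URL taken from the post above; the local file name is an assumption.
$url  = 'https://raw.githubusercontent.com/markdwags/Razor/master/InstallClassicUOAndRazor-NoDefaults.ps1'
$file = Join-Path $PWD 'InstallClassicUOAndRazor-NoDefaults.ps1'

# Windows PowerShell 5.1 may default to older TLS versions.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# 1. Save the script to disk instead of piping the download straight into iex.
Invoke-WebRequest -Uri $url -OutFile $file -UseBasicParsing

# 2. Record exactly what was downloaded, so it can be compared with what
#    other players received and quoted in a false-positive report.
$hash = Get-FileHash -Path $file -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $file
'{0}  {1}  signature: {2}' -f $hash.Hash, (Split-Path -Leaf $file), $sig.Status

# 3. List the lines that download or launch further content; read these first.
#    The pattern is an illustrative starting point, not a complete audit.
$review = 'DownloadString|DownloadFile|Invoke-WebRequest|Invoke-Expression|\biex\b|Start-Process|Expand-Archive'
Select-String -Path $file -Pattern $review |
    ForEach-Object { '{0,4}: {1}' -f $_.LineNumber, $_.Line.Trim() }

# 4. Run only after reading the script. The bypass applies to this one
#    child process, not to the interactive session.
if ((Read-Host 'Run the installer now? (y/N)') -eq 'y') {
    powershell.exe -NoProfile -ExecutionPolicy Bypass -File $file
}
```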

  • Staff

Hi,

I can't reproduce detection anymore, so this might have been fixed already.

Can you rescan again and see if it's still detected? If still detected, can you zip and extract the contents of the archives and scan on them and let me know what exact file is being detected in the archive? This is because even extracting these archive files doesn't yield any detections.

Thanks!


Good morning lol


Thanks for the reply. This happened overnight with the passive / background scanner (not an active scan). I have most advanced security settings checked (rootkits etc) but I forget off the top of my head (at work) if those are related to the background scanner. I will see if anyone can help test today and will try again tonight. Thanks for testing!

 


  • Staff

Yes, our detections also apply to the passive/background scanner, mainly when something is launched/executed.

But we typically fix false positives immediately, especially if they are related to our machine learning detection (as minor FPs might always happen with machine learning engines), so it could have been a one-time detection for you only where it was fixed immediately afterwards. :)

Nevertheless, thanks for the heads-up!


Thanks!

 

I had another user just test it out and had similar issues.

Apologies, not in a clean format... copy/paste from Discord on my Android.

 

 Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/11/19
Protection Event Time: 7:58 PM
Log File: be60ade4-8ca4-11e9-a259-00ff67cfb27b.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11004
License: Premium

-System Information-
OS: Windows 10 (Build 17134.765)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.100%, C:\Users\RyGull\Desktop\ClassicUO\Data\Plugins\Assistant\Razor.exe, Delete-on-Reboot, [0], [392687],1.0.11004


(end)

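To compare the detections across the two reports in this thread, the following added example (not part of any post, and not a Malwarebytes tool) parses the detection lines into objects and groups them. The field layout is inferred only from the three lines on this page, and the names `BracketA` and `BracketB` are placeholder labels, since the page does not say what the bracketed numbers mean.

```powershell
# Detection lines copied from the two logs on this page.
$lines = @(
    'MachineLearning/Anomalous.100%, C:\USERS\myusername\APPDATA\ROAMING\Microsoft\Windows\Recent\Razor-dev-preview (1).zip.lnk, No Action By User, [0], [392687],1.0.11008'
    'MachineLearning/Anomalous.100%, C:\USERS\myusername\DOWNLOADS\RAZOR-DEV-PREVIEW (1).ZIP, No Action By User, [0], [392687],1.0.11008'
    'MachineLearning/Anomalous.100%, C:\Users\RyGull\Desktop\ClassicUO\Data\Plugins\Assistant\Razor.exe, Delete-on-Reboot, [0], [392687],1.0.11004'
)

# Assumed layout: name, path, action, [n], [n],update-package-version.
# The path group is greedy and the tail is anchored, so a comma inside a
# path does not shift the later fields.
$pattern = '^(?<Name>[^,]+),\s*(?<Path>.+),\s*(?<Action>[^,]+),\s*' +
           '\[(?<A>\d+)\],\s*\[(?<B>\d+)\],\s*(?<Update>[\d.]+)\s*$'

function ConvertFrom-DetectionLine {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Line)
    process {
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Detection = $Matches['Name'].Trim()
                Path      = $Matches['Path'].Trim()
                FileName  = [System.IO.Path]::GetFileName($Matches['Path'].Trim())
                Action    = $Matches['Action'].Trim()
                BracketA  = [int]$Matches['A']   # meaning not stated on the page
                BracketB  = [int]$Matches['B']   # meaning not stated on the page
                Update    = $Matches['Update']   # matches "Update Package Version" in each log header
            }
        } else {
            Write-Warning "Unparsed line: $Line"
        }
    }
}

$detections = $lines | ConvertFrom-DetectionLine

# One row per detection name and bracketed value, with the update package
# versions and file names it was reported under.
$detections | Group-Object Detection, BracketB | Select-Object Name, Count,
    @{ n = 'Updates'; e = { ($_.Group.Update   | Sort-Object -Unique) -join ', ' } },
    @{ n = 'Files';   e = { ($_.Group.FileName | Sort-Object -Unique) -join '; ' } }
```

Grouping this way puts the extracted `Razor.exe` from the second report next to the archive and shortcut from the first, which is the per-file detail the staff reply asks for.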
