Jump to content

MachineLearning/Anomalous False Positive (i am a developer/MBAM premium))

thedrs

By thedrs
in File Detections

 Share

Recommended Posts

thedrs

thedrs

Posted
Posted

Hi,

This is quite annoying.

Your ML algo. requires some tuning, i wrote a simple prog (1000 lines) in c# winforms that reads files, calculates stuff, writes report files - no internet connections and no low level file access.

MBAM shows :

MachineLearning/Anomalous94/95

I tried to sign it as you advised and still have the problem. I don't want to sign it though.

I uploaded it to virustotal and nothing was found by any AV prog (but my own purchased MBAM does detect this)

Please help, i don't want to go through this MBAM forum process each time i add a new feature and compile it.

Thanks

 

I

cryptoIRS.7z

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Greetings,

Until a member of Research responds, I'd recommend excluding the folder where your compiled binaries are stored just to prevent detections while you're creating your programs.  Exclusions are recursive so only the parent directory where the detected executables are stored needs to be excluded.  You'll find details on how to create an exclusion under the Exclude a File or Folder section of this support article.

Assuming they aren't able to whitelist your files automatically going forward for your releases, at least this will save you the trouble of having to deal with each build being detected once compiled and you can submit your files for whitelisting if necessary once you're ready to actually publish a new build that way it won't be detected for others who might download your application (though hopefully Research will be able to provide a more permanent solution for your files going forward).

With regards to why the files are being detected, I can only speculate, but I do know that if a file has common traits of malware such as being packed with certain packers or containing Microsoft version info for non-Microsoft files those are a couple of the criteria I believe the heuristics engine looks for (there are many others as well obviously, those are just some of the more common ones I see being reported for FPs from developers).

Anyway, I hope this helps, and hopefully they will be able to tune the engine not to detect your files going forward.

Link to post
Share on other sites
thedrs

thedrs

Posted
  • Author
Posted

I am not packing with any 3rd party, just visual studio compulation to exe. 

My program is already ready for publish but i am not publishing because of the false positive. 

I am going to add features daily and republish everyday. Will i have to contact your every day to whitelist my new compilation? 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept