Jump to content
DrDESidran

Machine Learning Anomalous False Positive

Recommended Posts

I'm a developer. I'm writing in C# WPF and am using Visual Studio 2017. I just added a simple new window to my program and Malwarebytes is now falsely declaring the EXE as 95% anomalous. At first, I thought it was because I had included a BMP resource, but I removed that and it's still being tagged. I've got nothing now except opening up a second window and it's still being tagged. Literally, simply creating a XAML document for another, empty, window is enough to trigger your Machine Learning.

Okay, now I have to say this: My doctorate is in Computer Science. My research area is Machine Learning. And your Machine Learning algorithm really sucks. This is not the first time I have had my development stopped dead in its tracks because of false positives from your Machine Learning algorithm. Seriously. Please just remove it. It's terrible. There's no point in sending you the XAML code because it's literally just opening up another window.

Please do something immediately. Malwarebytes has effectively stopped all development on this project because of your false positive.

 

Share this post


Link to post
Share on other sites

Further investigation shows that your Machine Learning is barfing on the inclusion of a BMP as a resource. This is pathetic. Please do something about your terrible Machine Learning algorithm. Seriously? Including a BMP as a resource is enough to trigger? Terrible!

Share this post


Link to post
Share on other sites

Hi and sorry to hear about your false positive issues with our machine learning.

 

Please read the following for a more open explanation of how it works and how to mitigate against potential F/p detection(s) at the bottom of the article.
 

 

Edited by Fatdcuk

Share this post


Link to post
Share on other sites

Your 'Machine Learning' algorithm is barfing on simply adding an image with a BMP source! I'm using Visual Studio 2017.

I've attached a screen shot with the 'offending line' commented out. This is a very common thing to do! Jeez!

ML Barf.jpg

Share this post


Link to post
Share on other sites

Hi

Did setting exclusion rule(s) for your working folders resolve the false positives alerts ?

Share this post


Link to post
Share on other sites

Should I just tell all of my clients to set exclusion rules so they can run my programs? Because Malwarebytes is flagging the executable on other machines now. You seriously need to solve this problem NOW. I repeat, I did my doctoral research in Machine Learning and whatever you think you're doing is completely screwed up! Simply attaching a BMP as a resource triggers your brain dead 'Machine Learning' algorithm. This is terrible. As a former CS prof I'm giving you guys a big fat F (as I would to any of my students who turned in a project this messed up).

Share this post


Link to post
Share on other sites

Hi

Sorry for any confusion as your other created topic did not say you had clients that were affected so the standard advice is to create ignore rules for working folders if you are creating new files locally which are triggering detection(s).

However if any finished project(s) which are being distributed are detected then please submit detected file(s) to us so we can  review and add it to our database of known good apps as well to prevent this in the future.

Edited by Fatdcuk

Share this post


Link to post
Share on other sites

You are completely missing the point: simply adding a BMP as a resource to a program is causing your POS 'machine learning algorithm' to flag it as a virus. This is so stupid that whoever is responsible for writing this terrible code should be fired and flogged immediately. There is absolutely no reason why adding a BMP as a resource to a Windows program in Visual Studio should cause any false positives.

Simply sending you an EXE and having you register it as a 'safe program' is not a solution. It's not even a work around. It's terrible customer support and terrible business and terrible coding.

I am truly disgusted by your response. Malwarebytes used to be a good product. It sucks now.

Share this post


Link to post
Share on other sites

So quick question for clarifcation with the devs. Is all you are doing is adding a bmp resource with no other code or does other code exist also in the file?

 

Share this post


Link to post
Share on other sites

That's it. Just simply adding a BMP resource is all it takes. That's it! Look at the XAML code below.

I have since discovered that simply changing the BMP to a PNG will thwart your mighty machine learning AI!

 

ML Barf.jpg

Share this post


Link to post
Share on other sites

If its just a bmp resource and no other code then it will definitely trip as that is an anomalous file. Malware often uses the bmp resource trick to hide code and dump it from the resource. I recommend excluding your working directory till the file is code complete then see if we detect. I have forwarded your information onto the people in charge of this. 

 

Share this post


Link to post
Share on other sites

I assume that your 'machine learning' isn't machine learning by any sense of the word and that it's just a set of stupid rules. One of which is anything with a BMP extension automatically gets flagged. Oh, but what about PNGs? Couldn't malicious code be in there, too? Of course it could. Now I suppose you'll add another stupid rule that anything that ends in PNG must also get flagged. But, let's not stop there! Let's flag all resources because, technically, any of them could be used to hide malicious code.

It's badly written code like this that gives machine learning and AI a bad name. You really screwed the pooch on this. Please forward this to your so-called 'devs'. And, again, this old CS prof that taught machine learning at Research 1 university gives them all a big fat F for turning in a non-working program.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.