FalselyAccused

False Positive detected for my program


Customers are having difficulty running my product, the EZ Play DJ (see www.ezplaydj.com) because it is being identified as having 'MachineLearning/Anomalous.100%'.  I believe it is a false positive.  Please analyze this ASAP.  I had a similar problem at least twice before, and you fixed it those times.  This program is used by hundreds of dance studios and is used for dance competitions. I'd hate to see one of those DJs get the program quarantined just before a competition.  It has to work again ASAP. Thanks.

EZPlayDJ.zip mbst-grab-results.zip Detection-Log.txt


It happens on my PC.  I tried restoring it in the Malwarebytes GUI a few times and kept getting the detection until I figured out that restoring it wasn't enough -- I had to add it to the Allow List to quit getting the detection.  

This is a new computer and I installed Malwarebytes within the last few days.  Maybe the installation doesn't automatically update the virus definition file.  The new minimalist GUI doesn't tell me how old the file is.

I have updated the virus definition file and restarted the computer.  I removed ezplaydj.exe from the Allow list and am now getting the detection again.

What would you like me to do next?

And longer term, what can I do?  This is a VB6 program wrapped by Instant Protection Plus from softwarekey.com and in an installation file created using Inno Setup.  I suppose I should get an SSL certificate and protect something (unwrapped exe, wrapped exe, installation exe, who knows).  Is there anything else I can do?  I am rewriting the program in C#, but I need an interim solution.

Thanks.


Hello,

Please try the following:
Right click Malwarebytes by the clock >> shut down Malwarebytes. Confirm OK if prompted.
Go to:
C:\ProgramData\Malwarebytes\MBAMService (if you copy/paste that path into a new explorer window, you won't need to unhide system files)
Locate HubbleCache file and delete it. Confirm OK if prompted.
Restart Malwarebytes
Go ahead and remove the file from your custom exclusions list, restore file from quarantine, and re-scan.
It should be OK now. Confirm?

As for what you can do to prevent future detections with newer versions, indeed having the file signed can help. I'll check with one of my colleagues to see if we can tweak something else. 


Thanks for the new log. 
We fixed the issue not too long after you posted your new log. Should be good. Confirm?

Thanks for reporting this!


It is indeed the same. Not sure if you saw an earlier reply... I'll repost it here:

Please try the following:
Right click Malwarebytes by the clock >> shut down Malwarebytes. Confirm OK if prompted.
Go to:
C:\ProgramData\Malwarebytes\MBAMService (if you copy/paste that path into a new explorer window, you won't need to unhide system files)
Locate HubbleCache file and delete it. Confirm OK if prompted.
Restart Malwarebytes
Go ahead and remove the file from your custom exclusions list, restore file from quarantine, and re-scan.
It should be OK now. Confirm?


Hello,

Glad that worked. The file being signed should help. If it ends up being detected again, please do as you have done already and report it and we'll investigate further.
