False Positive : EZhelp20.exe


CPC

EZhelp20.exe is currently being detected as follows...  MachineLearning/Anomalous. 100%

I wrote and have been using EZhelp to support Windows users for over a decade, helping people remove viruses and malware (installing Malwarebytes for those customers thousands of times).

EZhelp wraps UVNC and does the following vs the default uvnc... It's a portable on-demand program that runs only upon the user's command to do so, blocks incoming connections, only allows 1 secure outgoing reverse connection and forces the use of encryption to connect only to my support helpdesk IP address.... This is all done to make it extremely secure for the clients that use it to receive helpdesk support. It does exactly what it is written to do and no more. No ads, no malware and no virus. The users who have this program know exactly what it is for and have read its terms of use beforehand. The users of the program know who I am and the phone number. Support is only given to those who agree to the terms of use and call the phone number.

Occasionally I recompile the program to include the latest security updates and then rename w/  the last two digits of the program to reflect the year/version.  I just recompiled this program to include the latest uvnc 1.2.3.0 from www.uvnc.com.   Since doing so, I am getting the false positive.

Please whitelist / remove this false positive detection so I can continue to help users battle malware and other scams.

Thank you

CPC

EZhelp20.zip


Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to fine-tune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now, perform the following steps:

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

Help please...being detected again.

I am sorry to bother you with this again...

I made a small change to the GUI in EZhelp, recompiled it and now it is being detected as "MachineLearning/Anomalous.100%". The program description, use and function remain the same as above.

Attached the most recent copy compiled earlier today.

Hopefully you can white list it again for me, so that I can continue helping people remove malware

Happy New Year

CPC

EZhelp20.zip


  • 2 weeks later...

Hello

Incorrectly being detected as MachineLearning/Anomalous. 100% again. Since I was coming here again anyhow, I took the opportunity to also recompile this to include a minor screensaver fix. The program remains the same as described above... No malware, no virus, no adware and it does only as described above. This is simply ultravnc from www.uvnc.com set to refuse incoming connections and force the use of a password and encryption to make it more secure.

Thank you very much...

CPC

 

EZhelp20.zip


  • 2 months later...

Hello

Can you please help whitelist EZhelp again?

Without making any changes to the program EZhelp20.exe ....it is being detected again.  This time as Malware Generic 2987068651

Using Malwarebytes 4.1.0   update 1.0.21460

If you need more information about the program, I am happy to answer any questions you have.  The description was also in the first post.

I have attached a zip copy of the program.

The password is "infected"

Thank you again

CPC

EZhelp20.zip


6 hours ago, CPC said:

Hello

Can you please help whitelist EZhelp again?

Without making any changes to the program EZhelp20.exe ....it is being detected again.  This time as Malware Generic 2987068651

Using Malwarebytes 4.1.0   update 1.0.21460

If you need more information about the program, I am happy to answer any questions you have.  The description was also in the first post.

I have attached a zip copy of the program.

The password is "infected"

Thank you again

CPC

EZhelp20.zip 1.51 MB · 2 downloads

Different set of heuristics hitting that one. A fix is in the works and pending an update.

Sorry for the inconvenience


  • 2 years later...

Hello

Can you please help whitelist EZhelp.exe again.

It's recently been updated to include the latest security updates from UVNC (ultravnc) and the name of the program changed by dropping the number from the end of the name.

The program still does the same as it always has, as described in the first post in this thread from several years ago.

Today 6/23/2022  I see Malwarebytes version 4.5.5 is detecting it as Malware.AI.4188190347

I have attached the latest version in a zip file... "infected" is the password.

Thank you in advance for your help

CPC

EZhelp.zip


Hello...

It is urgent that I get this whitelisted as soon as possible... as this program is used internally for supporting hundreds of people and Malwarebytes keeps deleting it.

I have added the history report in the attached zip file..

Please let me know if you need anything else.

Thank you in advance for your help.

CPC

 

MBhistoryreport.zip


Hello???

Am I  posting in the correct forum or has something changed in the last few years.  In the past I was pleasantly surprised at how fast the response and resolution was... Things were usually in just a few hours.

Maybe I did something wrong with the request posted on 6/23/2022 in this thread?? Do I need to start a new thread or did I miss something? Please let me know how I can help get this resolved as this false positive is costing a lot of grief and hours of labor.

The zip attachment of the program is in the post for 6/23  

... and as mentioned on 6/23

"Can you please help whitelist EZhelp.exe again.

It's recently been updated to include the latest security updates from UVNC (ultravnc) and the name of the program changed by dropping the number from the end of the name.

The program still does the same as it always has, as described in the first post in this thread from several years ago.

Today 6/23/2022  I see Malwarebytes version 4.5.5 is detecting it as Malware.AI.4188190347

I have attached the latest version in a zip file... "infected" is the password.

Thank you in advance for your help"

Please let me know if there is anything further you need or a way I can help you.

 

CPC

 


1 minute ago, CPC said:

Am I  posting in the correct forum or has something changed in the last few years.  In the past I was pleasantly surprised at how fast the response and resolution was... Things were usually in just a few hours.

You added to a 2yr old topic. It was not followed any longer.

I alerted staff.

In the future create a new topic.

 


  • Staff

Thanks for reporting, this should no longer be detected in 10 minutes. 

Sorry about the delay. Like Porthos said, best to create new topic and can also reference old post. Posting in old thread typically only notifies commenters of that thread, but new post will notify other staff as well.

 
