Jump to content
CPC

False Positve : EZhelp20.exe

Recommended Posts

EZhelp20.exe is currently being detected as follows...  MachineLearning/Anomalous. 100%

I wrote and have been using EZhelp to support windows users for over a decade helping people removing viruses and malware ( installing malwarebytes for those customers thousands of times.)

EZhelp wraps UVNC and does the following vs the default uvnc...Its a portable on demand  program that runs only upon the user's command to do so, blocks incoming connections, only allows 1 secure outgoing reverse connection and forces the use of encryption to connect only to my support helpdesk ipaddress....   This is all done to make if extremely secure for the clients that use it to receive helpdesk support.  It does exactly what it is written to do and no more. No ads, no malware and no virus.  The users who have this program know exactly what it is for and have read its terms of use before hand. The users of the program know who I am and the phone number.  Support is only given to those who agree to the terms of use and call the phone number.

Occasionally I recompile the program to include the latest security updates and then rename w/  the last two digits of the program to reflect the year/version.  I just recompiled this program to include the latest uvnc 1.2.3.0 from www.uvnc.com.   Since doing so, I am getting the false positive.

Please whitelist / remove this false positive detection so I can continue to help users battle malware and other scams.

Thank you

CPC

EZhelp20.zip

Share this post


Link to post
Share on other sites

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now. Perform the following steps: 

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

Share this post


Link to post
Share on other sites

Thank you... With your help... it is no longer being detected at this time.

Share this post


Link to post
Share on other sites

Help please...being detected again.

I am sorry to bother you with this again...

I made a small change to the gui in EZhelp,  recompiled it and now it is being detected as  "MachineLearning/Anomalous.100%"  The program description, use and function remains the same as above.

Attached the most recent copy compiled earlier today.

Hopefully you can white list it again for me, so that I can continue helping people remove malware

Happy New Year

CPC

EZhelp20.zip

Share this post


Link to post
Share on other sites

Hello

Incorrectly being detected as MachineLearning/Anomalous. 100%  again.   Since I was coming here again anyhow,  I took the opportunity to also recompiled this to include a minor screensaver fix.  The program remains the same as described above... No malware, no virus, no adware and it does only as described above..  This is simply ultavnc from www.uvnc.com set to refuse incoming connections and force the use of a password and encryption to make it more secure.

Thank you very much...

CPC

 

EZhelp20.zip

Share this post


Link to post
Share on other sites

Hi,

Sorry for the trouble with this one. I've whitelisted this one and added an additional measure to prevent future versions from being detected. As long as the structure of the PE doesn't change too much, should be ok.

Regards

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.