
MachineLearning/Anomalous.97% false positive


Attached is the detection log and one of the 16 files found. The odd thing is that these files were already on my computer, but just yesterday I was doing some cleanup and deleted them into the Recycle Bin, where they now tripped the Anomalous detection.

All of these files are written, compiled, packaged, and signed by our company, so I do not suspect any malicious behavior.

Thanks,

Roger

Qu.POS_3.0.104.2.zip ScanFalsePositive.txt


Can you please attach the files detected? I do not get any hits on the one you uploaded. It looks like it was older versions that were detected?

MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$R0Z5GSB.2_TEST\GUSTO.POS_3.0.97.2_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$R35R7K7.0\GUSTO.POS_3.0.82.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$R6L50HB.1_TEST\GUSTO.POS_3.0.96.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$R8NC0LQ.1_TEST\QU.POS_3.0.103.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$R9YR0ZB.1_TEST\GUSTO.POS_3.0.97.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RB40BQZ.1_TEST\GUSTO.POS_3.0.88.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RBEZT3D.0\GUSTO.POS_3.0.83.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RDQ0VKT.7_TEST\QU.POS_3.0.99.7_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RFVO5YV.10_TEST\QU.POS_3.0.98.10_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RJXRLTJ.2_TEST\QU.POS_3.0.104.2_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RMV17ZY.1_TEST\GUSTO.POS_3.0.90.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RN7PIN1.0\GUSTO.POS_3.0.78.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RNB5XHQ.10_TEST\QU.POS_3.0.99.10_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RXIKXQY.0\GUSTO.POS_3.0.85.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RY8R029.1_TEST\GUSTO.POS_3.0.91.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RZGM7RN.1_TEST\GUSTO.POS_3.0.86.1_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,

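For triaging a report like this one, here is a small parser for the detection-log layout quoted above (an added example, not Malwarebytes tooling or the poster's code). It interprets only the detection name, path and action columns; the meaning of the remaining columns is not stated in the thread, so they are kept verbatim. The first two sample lines are copied from the thread, the third is constructed, including its "Quarantined" action value.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the layout of the thread's log: the first two lines are
# from the thread, the third is invented (non-Recycle-Bin path, different action).
SAMPLE_LOG = """\
MachineLearning/Anomalous.97%, C:\\$RECYCLE.BIN\\S-1-5-21-3657027788-3891070291-2564941829-1001\\$RJXRLTJ.2_TEST\\QU.POS_3.0.104.2_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\\$RECYCLE.BIN\\S-1-5-21-3657027788-3891070291-2564941829-1001\\$RBEZT3D.0\\GUSTO.POS_3.0.83.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\\Users\\roger\\Builds\\QU.POS_3.0.104.2_X86.APPXBUNDLE, Quarantined, 0, 392687, 1.0.18728, , shuriken,
"""

# Recycle Bin layout: <drive>:\$RECYCLE.BIN\<owner SID>\$R<random>[.<ext>]\<original name>
RECYCLE_RE = re.compile(r"^[A-Za-z]:\\\$RECYCLE\.BIN\\(S-1-5-[\d-]+)\\", re.I)
# Package file names seen in the log: <Product>_<version>_<arch>.<ext>
PACKAGE_RE = re.compile(r"^(?P<product>.+?)_(?P<version>\d+(?:\.\d+)+)_\w+\.\w+$")


def parse_line(line):
    # Only detection, path and action are interpreted; the other columns are
    # kept verbatim because the thread does not name them (assumption).
    row = next(csv.reader([line], skipinitialspace=True))
    if len(row) < 3 or not row[0]:
        return None
    detection, path, action = row[:3]
    bin_match = RECYCLE_RE.match(path)
    pkg = PACKAGE_RE.match(path.rsplit("\\", 1)[-1])
    return {
        "detection": detection, "path": path, "action": action, "extra": row[3:],
        "in_recycle_bin": bin_match is not None,
        "owner_sid": bin_match.group(1) if bin_match else None,
        "product": pkg.group("product").upper() if pkg else None,
        "version": pkg.group("version") if pkg else None,
    }


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarize(records):
    # Group by product: one rule firing across many versions of a single
    # product points at a component shared by all of them.
    by_product = defaultdict(set)
    for r in records:
        if r["product"]:
            by_product[r["product"]].add(r["version"])
    return {
        "by_product": {p: sorted(v, key=lambda s: tuple(map(int, s.split(".")))) for p, v in by_product.items()},
        "recycle_bin_hits": sum(r["in_recycle_bin"] for r in records),
        "not_actioned": sum(r["action"] == "No Action By User" for r in records),
    }
```

Run against the full 16-line log from the post, the product grouping shows the same detection across every shipped version, which is what points at a component common to all the bundles rather than at any one release.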

Here's the individual file. I had to restore it from the Recycle Bin before attaching; not sure if that mattered.

I've attached another older one as well.

MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RJXRLTJ.2_TEST\QU.POS_3.0.104.2_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,
MachineLearning/Anomalous.97%, C:\$RECYCLE.BIN\S-1-5-21-3657027788-3891070291-2564941829-1001\$RBEZT3D.0\GUSTO.POS_3.0.83.0_X86.APPXBUNDLE, No Action By User, 0, 392687, 1.0.18728, , shuriken,

Qu.POS_3.0.104.2_x86.appxbundle.zip Gusto.POS_3.0.83.0_x86.appxbundle.zip


OK, this should no longer be detected. It looks like it was actually the gusto.pos.exe in the bundles that was causing the detection. It's actually whitelisted already, as shuriken learned it wasn't malware.


Great, thanks. The older ones may have had an expired code signing cert that has been updated in newer ones.

Can you archive this topic or at least hide/remove the executables from the posts now that you have inspected them?

