JCB

Our own Exe file is falsely detected as MachineLearning/Anomalous.100%


Hello

please can you Whitelist our exe file

we use it ourselves for our CRM administration and it is constantly picked up as follows:-

MachineLearning/Anomalous.100%
Detection Name:    MachineLearning/Anomalous.100%
Action Taken:    Quarantined
Category:    Malware
Scanned At:    02/14/2020 11:39:55 AM
Reported At:    02/14/2020 11:40:41 AM
Type:    File
Endpoint:    *****
Location:    C:\LBT\Associate CAS Admin\LBTAdmin.exe
Group Name:    Default Group

LBTAdmin.zip


it is automatically quarantined at point of launching the exe file.


many thanks

but I just tried a restore .. which restores the exe to correct location .. however double click to run it immediately gets quarantined again.

(there are other files in that folder but it is the exe that is quarantined)


Hi,

I can't produce detection anymore on the sample you attached though.

It could be possible because the detection got cached in the meanwhile, so quit Malwarebytes from the system tray.
Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

Hi miekiemoes..

for the time being I have a work around that I found ..

that being.. to switch off the 'Anomalous File Detection' option in our policy settings.

So for the moment we are working this way without issue.

but would be good to be able to switch that back on at some point.

18 minutes ago, miekiemoes said:

Hi,

I can't produce detection anymore on the sample you attached though.

It could be possible because the detection got cached in the meanwhile, so quit Malwarebytes from the system tray.
Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

Thanks I'll try that shortly and let you know if working. 
