Jump to content
HH68

False Positive

Recommended Posts

Hi,

new "Aerosoft Livery Manager" is reported as Ma c hineLearning/Anomalous.100%. Application has been programmed by myself and is 100% pure stock C# (VS2019) without any third party items. It accesses the .ini file functions in Kernel32.dll. It's function is to zip/unzip archives to/from a folder below %temp% and edit configuration files.

Please add this to your white list. Source code can be provided on request.

Best Regards,

Hans

AS_Livery_Installer_Log_Installationfolder.txt AS_Livery_Installer_Log_Developmentfolder.txt

Share this post


Link to post
Share on other sites

Hi,

It shouldn't be detected anymore. In case it is, exit MalwareBytes and then delete a following file from your system:
C:\ProgramData\Malwarebytes\MBAMService\HubbleCache

Start MalwareBytes again and scan the file.

Edited by TwinHeadedEagle

Share this post


Link to post
Share on other sites

Hi,

I can confirm that it's no longer detected after deleting HubbleCache.

Thank you very much for this extremely quick help!

Best Regards,

Hans

Share this post


Link to post
Share on other sites

Hi,

I had to make a little fix to the program. Unfortunately, it's detected again now. I attached the scan result and the new EXE file. Can you please check and whitelist it again?

A general question: Why is it that so many stock .NET applications are detected? Not just by MWB. Pretty much every anti-virus or anti-malware software seems to find something in there.

Thank you very much 🙂

Best Regards,
Hans

Livery Installer.7z AS Livery Installer 2.0.0.0 Scan Results.txt

Share this post


Link to post
Share on other sites

Thank you very much 🙂

Best Regards,
Hans

Share this post


Link to post
Share on other sites

Hi again,

I have another one. It's a different program (again, totally stock .NET, like the other one) but it results in the same false positive.

Thank you for checking 🙂

Best Regards,

Hans

Aerosoft.A3XX.Configurator.exe.7z

Share this post


Link to post
Share on other sites

Hmm. I just checked but I have the latest MalwareBytes version. I attached a screenshot and the log.

FP.JPG

FP.txt

Share this post


Link to post
Share on other sites

After deleting Hubblecache and a reboot, it's not detected anymore.

Thank you very much for your help and sorry for the false positive on the false positive 🙂

Best Regards,

Hans

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.