Jump to content

4.1.1.961 Beta: Use expert system algorithms ?

siliconman01

By siliconman01
in Malwarebytes 4.x Beta

 Share

Recommended Posts

siliconman01

siliconman01

Posted
  • Author
Posted
29 minutes ago, shadowwar said:

can you zip and attach this file?

C:\DUMPSTACK.LOG.TMP

 

The Dumpstack.log.tmp file is locked tighter than drum and cannot be copied, opened, deleted (even after "take ownership" is executed) or with the system in safe mode.  Cannot even send it up to VirusTotal.  It is on all my Windows 10x64 Pro systems with the latest v2004.

Also here is a Custom Scan Results 1 report with this feature activated and it shows 273 detections.  I run KIS 2020 on 1 of systems and Bitdefender Internet Security 2020 on my other systems.  I scan my systems daily and these security suites show no infections.  Both of these suites scan for rootkits as well.  

The Custom Scan Results 2 report is  the same scan with this new option turned off. 

Advanced Scan Results 1.txt Advanced Scan Results 2.txt

Link to post
Share on other sites
BillH99999

BillH99999

Posted
Posted (edited)

I am also getting things flagged when this setting is on that I don't get when it is off.  I have attached the log.  The flagged items are ones I've used for a long time and don't think they are really problems. 

What is Malware.Heuristic.106?

I saw the same problem with the setting slider.  Closing and re-opening the UI does show the updated value for the setting.

Thanks,
Bill

scan results.txt

 

Edited by BillH99999
Link to post
Share on other sites
exile360

exile360

Posted
Posted
5 minutes ago, BillH99999 said:

What is Malware.Heuristic.106?

A heuristic signature is a more generic type of detection method (such as algorithms, fuzzy defs, pattern/behavior based signatures etc.) which are capable of detecting new/unknown threats and/or new/unknown variants of previously seen threats (i.e. polymorphism).  The definition from the Malwarebytes Labs glossary of terms (located here) is quoted below:

Heuristic analysis

Heuristic analysis is a scanning technique used by many antivirus programs wherein they look for certain malicious behaviors from potentially new and undetected variants.

Other forms: Heuristics

Link to post
Share on other sites
exile360

exile360

Posted
Posted

It means something to the Research team; it tells them which heuristic signature is responsible for the detection.  Heuristics by their very nature may be prone to false positives (this is why so many FPs from AVs on VirusTotal and similar services contain one or more of the terms generic, heuristic, gen, heur, among others and they all mean the same thing: heuristics.  Malwarebytes' entire scan engine and signatures are largely composed of heuristics of various types with many advanced detection techniques (one of the reasons Malwarebytes is so good at detecting the latest threats).  I'm guessing this new module is just a new type of heuristic based on some AI generated algorithm(s); a technique that is pretty new in the industry but shows a lot of promise.

All that said, no, it does not indicate anything specific about why that file was detected, however Research will take a look and will determine what caused it and tune the algorithm to no longer detect the file.

Link to post
Share on other sites
Hardhead

Hardhead

Posted
Posted

@BillH99999 ,

 I will point you to a similar issue I had and it was just a false positive detection and I’m running the latest Malwarebytes beta. After R&D takes a look at the files that are coming up listed as Malware.Heuristic.106 it will be safe to just ignore and restore the files being detected. I feel everything will be all good so don’t worry all will be okay. I was directed to Malwarebytes Blog and my post is below in File Detections here. I can assure you that after R&D takes a look at everything you will be able to restore the files as they are more than likely just false positives. 

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted
On 6/20/2020 at 9:33 AM, shadowwar said:

Would you mind running a threat scan with it on and post the log here.

I have attached a scan if you would like to look through it. From the six detection's, these three files were apps developed by our company.

Malware.Heuristic.106, C:\USERS\User\DESKTOP\OLD COMPUTER FILES\TXFBPREP\TXFBPREP.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Malware.Heuristic.106, C:\USERS\User\DESKTOP\OLD COMPUTER FILES\TXFBPREP - COPY\TXFBPREP.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Malware.Heuristic.106, C:\USERS\user\DESKTOP\OLD COMPUTER FILES\SERVERTALK.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959

 

algorithms-detections.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

The Beta for expert system algorithm had a bug where it was incorrectly tagging certain files.  We have addressed this bug in the next CU11 Beta and it will also be rolled out in the GA for CU11

You can ignore or exclude these files if you like @Firefox for now.

 

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.