
4.1.1.961 Beta: Use expert system algorithms ?



  • Staff

Would you mind running a threat scan with it on and posting the log here? Do not remove anything after the scan. It's algorithms to detect non-standard files.

29 minutes ago, shadowwar said:

can you zip and attach this file?

C:\DUMPSTACK.LOG.TMP

 

The Dumpstack.log.tmp file is locked tighter than a drum and cannot be copied, opened, or deleted (even after "take ownership" is executed), even with the system in safe mode. Cannot even send it up to VirusTotal. It is on all my Windows 10 x64 Pro systems with the latest v2004.

Also here is a Custom Scan Results 1 report with this feature activated and it shows 273 detections. I run KIS 2020 on 1 of my systems and Bitdefender Internet Security 2020 on my other systems. I scan my systems daily and these security suites show no infections. Both of these suites scan for rootkits as well.

The Custom Scan Results 2 report is  the same scan with this new option turned off. 

Advanced Scan Results 1.txt Advanced Scan Results 2.txt

20 minutes ago, siliconman01 said:

It is on all my Windows 10x64 Pro systems with the latest v2004.

It is added with the 2004 update.

11 hours ago, shadowwar said:

Would you mind running a threat scan with it on and posting the log here? Do not remove anything after the scan. It's algorithms to detect non-standard files.

I did one for you.

 

Scan.txt


I am also getting things flagged when this setting is on that I don't get when it is off.  I have attached the log.  The flagged items are ones I've used for a long time and don't think they are really problems. 

What is Malware.Heuristic.106?

I saw the same problem with the setting slider.  Closing and re-opening the UI does show the updated value for the setting.

Thanks,
Bill

scan results.txt

 

Edited by BillH99999
5 minutes ago, BillH99999 said:

What is Malware.Heuristic.106?

A heuristic signature is a more generic type of detection method (such as algorithms, fuzzy defs, pattern/behavior based signatures etc.) which are capable of detecting new/unknown threats and/or new/unknown variants of previously seen threats (i.e. polymorphism).  The definition from the Malwarebytes Labs glossary of terms (located here) is quoted below:

Heuristic analysis

Heuristic analysis is a scanning technique used by many antivirus programs wherein they look for certain malicious behaviors from potentially new and undetected variants.

Other forms: Heuristics


Does the 106 mean anything?  I guess what I was trying to figure out is why these are being flagged as a detection?  What is wrong with the registry entry and the 5 files?  

Bill

Edited by BillH99999

It means something to the Research team; it tells them which heuristic signature is responsible for the detection. Heuristics by their very nature may be prone to false positives (this is why so many FPs from AVs on VirusTotal and similar services contain one or more of the terms generic, heuristic, gen, heur, among others and they all mean the same thing: heuristics). Malwarebytes' entire scan engine and signatures are largely composed of heuristics of various types with many advanced detection techniques (one of the reasons Malwarebytes is so good at detecting the latest threats). I'm guessing this new module is just a new type of heuristic based on some AI generated algorithm(s); a technique that is pretty new in the industry but shows a lot of promise.

All that said, no, it does not indicate anything specific about why that file was detected, however Research will take a look and will determine what caused it and tune the algorithm to no longer detect the file.


@BillH99999 ,

 I will point you to a similar issue I had and it was just a false positive detection and I’m running the latest Malwarebytes beta. After R&D takes a look at the files that are coming up listed as Malware.Heuristic.106 it will be safe to just ignore and restore the files being detected. I feel everything will be all good so don’t worry all will be okay. I was directed to Malwarebytes Blog and my post is below in File Detections here. I can assure you that after R&D takes a look at everything you will be able to restore the files as they are more than likely just false positives. 

  • Staff

@BillH99999

 

The registry entries are because of the Malwarebytes linking engine. When it detects a file it also looks into the registry to remove corresponding registry entries. Malwarebytes has always done this though.

106 is the specific rule for non-standard files with this heuristic.

On 6/20/2020 at 9:33 AM, shadowwar said:

Would you mind running a threat scan with it on and posting the log here?

I can't even enable that feature????

35 minutes ago, Firefox said:

I can't even enable that feature????

There is a known GUI bug where the visible state of the switch doesn't change, but if you close and reopen the UI, it should now be enabled.  The following thread documents the issue:

 

3 minutes ago, exile360 said:

but if you close and reopen the UI, it should now be enabled.

Yes that worked, it shows enabled now

On 6/20/2020 at 9:33 AM, shadowwar said:

Would you mind running a threat scan with it on and posting the log here?

I have attached a scan if you would like to look through it. From the six detections, these three files were apps developed by our company.

Malware.Heuristic.106, C:\USERS\User\DESKTOP\OLD COMPUTER FILES\TXFBPREP\TXFBPREP.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Malware.Heuristic.106, C:\USERS\User\DESKTOP\OLD COMPUTER FILES\TXFBPREP - COPY\TXFBPREP.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Malware.Heuristic.106, C:\USERS\user\DESKTOP\OLD COMPUTER FILES\SERVERTALK.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959

 

algorithms-detections.txt
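
An added triage sketch, not part of any post in this thread and not Malwarebytes tooling: it compares a scan taken with the expert system algorithms option on against one taken with it off, and lists the detections that only the option produces, grouped by rule name, so they can be reviewed or submitted as suspected false positives. It assumes the comma-separated line layout quoted in the posts above; the sample reports, the rule `Constructed.Example.Rule`, the paths and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample reports in the comma-separated layout quoted in the thread.
# "Constructed.Example.Rule", all paths and the 0/x filler columns are made up.
SCAN_ON = r"""
Malware.Heuristic.106, C:\USERS\User\DESKTOP\TOOLS\INHOUSE.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Malware.Heuristic.106, C:\USERS\User\DESKTOP\REPORTS, 2019\BUILD.EXE, No Action By User, 1000001, 0, 1.0.25909, 00000000000000000000006A, dds, 00776959
Constructed.Example.Rule, C:\USERS\User\DOWNLOADS\SETUP.EXE, No Action By User, 0, 0, 0.0.0, 0, x, 0
"""
SCAN_OFF = r"""
Constructed.Example.Rule, C:\Users\user\Downloads\setup.exe, No Action By User, 0, 0, 0.0.0, 0, x, 0
"""

# Assumption: every detection line ends with the action plus six more columns,
# as in the lines quoted in the thread. Those columns are treated as opaque.
TRAILING_FIELDS = 7


def parse_detections(report_text):
    """Return the set of (rule, path) pairs found in a scan report."""
    found = set()
    for line in report_text.splitlines():
        line = line.strip()
        if line.count(", ") < TRAILING_FIELDS + 1:
            continue  # blank, header or unrelated line
        rule, rest = line.split(", ", 1)
        # Split the fixed columns off the right so a comma inside the path survives.
        path = rest.rsplit(", ", TRAILING_FIELDS)[0]
        # Windows paths are case-insensitive, so fold case before comparing.
        found.add((rule, path.upper()))
    return found


def attributable_to_option(on_text, off_text):
    """Detections present only with the option enabled, grouped by rule."""
    only_on = parse_detections(on_text) - parse_detections(off_text)
    grouped = defaultdict(list)
    for rule, path in sorted(only_on):
        grouped[rule].append(path)
    return dict(grouped)


if __name__ == "__main__":
    for rule, paths in attributable_to_option(SCAN_ON, SCAN_OFF).items():
        print(rule, len(paths))
        for p in paths:
            print("   ", p)
```
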

  • Root Admin

The Beta for expert system algorithm had a bug where it was incorrectly tagging certain files. We have addressed this bug in the next CU11 Beta and it will also be rolled out in the GA for CU11.

You can ignore or exclude these files if you like @Firefox for now.

 

 

 
