Jump to content

PAYLOAD.VSIX in Visual Studio 2019 Test Tools


Recommended Posts

  • 1 year later...

Hi All, 

This is showing up twice in a scan this morning. Specifically for the following two Payload.vsix files:

 File: 2
Malware.Heuristic.1001, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.DIAGNOSTICSHUB.RUNTIME,VERSION=16.10.31306.3\PAYLOAD.VSIX, Quarantined, 1000001, 0, 1.0.44170, 0000000000000000000003E9, dds, 01379044, 794E72ABEEF6A653E03F47FB9C65E18B, 4CA43EC48916B7B16A7E49063EF47D2A23991413EA445BAFBA5D0BEDB2A50D70

Malware.Heuristic.1008, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.DEBUGGERCLIENT.MANAGED,VERSION=16.10.31306.167\PAYLOAD.VSIX, Quarantined, 1000001, 0, 1.0.44170, 0000000000000000000003F0, dds, 01379044, 18B19F828BB0F8618021240DFA78FEDD, 11B1B16D555B68E382B20803D95DEF21E89DBB1CD2F580EFEBCC885C0CF2C78A


Link to post
Share on other sites

On 8/16/2021 at 5:59 AM, maj0191 said:

This is showing up twice in a scan this morning


Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security> Scan option.

This is normally disabled by default.

In either way, Staff will investigate this and get this fixed.

Thanks for reporting!

FYI. This setting is in the experimental stage.

That setting is to detect malformed files, but sometimes legit files use protection that make them malformed. Malwarebytes is still tweaking the algorithms that is why it’s off by default. If you switch it on it is assumed, you can tell the difference between a FP and a legit detection. 

And if you keep it on, I suggest also turn off auto quarantine. Gives you the time to report FP's and not go thru the extra step to have to restore from quarantine.

Please turn off "Use expert system algorithms to identify malicious files” It is located in Settings > Security> Scan option to avoid these detection's

Link to post
Share on other sites

Thanks Porthos! I do have it enabled, and I can somewhat guess a false positive. Given the files is named "payload", I can understand why the scanner picked it up, as it's probably not a great filename for any software company to use for legitimate bits of software. If Visual Studio can't run, I'll just reinstall it. No big deal.

At least you know it detects based on common "payload" filenames.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.