Build tools.exe False Positive


Jacob280

  • Staff

We typically advise developers to add their working directory to the allow list first. If that is not ideal, (from MachineLearning/Anomalous Detections and Explanation)

Quote

We would encourage all software developers to avoid packing or obfuscating their code after compilation, use consistent Version Information and to digitally sign their code to guarantee its integrity.

For more information, you can read MachineLearning/Anomalous Detections and Explanation.

If those changes can't be made, we may have to whitelist the file when it gets detected. 


  • Staff
2 hours ago, cli said:

Thanks for reporting, the detection for the file will be fixed in 10 minutes. To avoid having this happen again, please add the location of your script to the allow list.

The file you've attached is already whitelisted. :) If it is still being detected, please clear your HubbleCache.

To clear hubble cache please do the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes
Quote

When I update the script again, I have found an option in the compiler to add file version and company name and a few other things so I will fill that out and see how it gets on.

OK, sounds good.

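The staff advice quoted in this thread (sign the binary, keep Version Information filled in and consistent) can be checked on a build output before release. The following is an added example, not part of the original posts or any Malwarebytes tooling; `Test-BuildArtifact`, `$RequiredFields` and the sample path are hypothetical names chosen for illustration.

```powershell
# Added example: pre-release check of a built executable for the properties
# the staff post recommends (valid digital signature, filled-in version info).
# Test-BuildArtifact and $RequiredFields are hypothetical names.
function Test-BuildArtifact {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    $problems = @()
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Authenticode signature must be present and validate on this machine.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    elseif (-not $sig.TimeStamperCertificate) {
        # Without a timestamp the signature stops validating when the cert expires.
        $problems += 'Signature has no timestamp countersignature'
    }

    # 2. Version resource fields should be filled in on every build.
    $RequiredFields = 'CompanyName', 'ProductName', 'FileDescription',
                      'FileVersion', 'ProductVersion', 'OriginalFilename'
    $vi = $file.VersionInfo
    foreach ($field in $RequiredFields) {
        if ([string]::IsNullOrWhiteSpace($vi.$field)) {
            $problems += "Version resource field '$field' is empty"
        }
    }

    # Summary object; the hash identifies the exact build that was checked.
    [pscustomobject]@{
        Path     = $file.FullName
        SHA256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Signer   = $sig.SignerCertificate.Subject
        Company  = $vi.CompanyName
        Version  = $vi.FileVersion
        Problems = $problems
        Pass     = ($problems.Count -eq 0)
    }
}

# Constructed path; point it at your own build output.
Test-BuildArtifact -Path '.\dist\MyTool.exe' | Format-List
```

Running this as the last step of a build makes an unsigned binary or an empty version resource visible before the file is distributed.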
