False positive for Rufus 3.13.1735 (Windows Store x64 version)

[Akeo]

Hi,

Per https://www.virustotal.com/gui/file/87a9f99f0cc5bc2773990ae1b5e033e6fae83ae478041f044db8791597b86ad4/detection, Malwarebyte is currently detecting the Windows Store version of the Rufus 3.13 x86_64 executable (installable from https://www.microsoft.com/en-us/p/rufus/9pc3h3v7q9ch) as containing Malware.AI.17536672.

However, the non-Store release of Rufus 3.13 (which is x86_32) does not suffer the same detection (https://www.virustotal.com/gui/file/ec3136b053bd1559ad7ec1ea104113898093b886bf519e6117b138ef2e691cbb/detection) and, since the application is fully Open Source, we can also detail that the changes that were applied to the executable, from the non-detected non-Store release, stand in the 5 last commits listed at https://github.com/pbatard/rufus/commits/appstore.

In other words, the exact source for the executable that Malwarebyte currently classifies as containing Malware.AI.17536672 can be found at https://github.com/pbatard/rufus/tree/85cd19eb76f3c277d0f0593407926477dafc52a5.

Therefore, if this isn't a false positive, and considering that a version 5 commits prior is not triggering any detection, it should be easy to point out what in the code should be construed as malware.

If not, I would kindly request Malwarebyte to fix their engine, so as not to trigger a false positive for the Windows Store version of that application.

Thanks!

 

 

[cli]

Thanks for reporting, this will be fixed in 10 minutes.

[Akeo]

Wow, that's fast. Thanks for looking into it!