Borland C++ 5.01, Borland C++ 5.02

[dashstofsk]

Greetings,

I write software for Windows using the old Borland compilers, Borland C++ 5.01 ( 1996 ) and Borland C++ 5.02 ( 1997 ).

Malwarebytes is always finding 'MachineLearning/Anomalous' faults in my executables. Not occasionally, but mostly on all of them. It seems to be objecting to some common feature in all the executables generated by these compilers. And yet when I upload my executables to VirusTotal all the other malware software see no virus, nothing suspicious.

It is rather awkward for me because I run the risk of my users thinking there is something wrong with my programs.

Could I trouble you to investigate and identify why this is happening?

Might it just be because Borland C++ 5.01/5.02 are old compilers and Malwarebytes rarely comes across the object code generated by them, and that few Borland C++ 5.01/5.02 programs are in your "training set of goodware"?

Some of us do still use these compilers and the programs they generate can run on every Windows OS.

To help you I enclose just one of my programs, generated under Borland C++ 5.02.

I have version 4.1.0.56 of Malwarebytes running under Windows 10.

Best wishes,

Generator_5.0.2.rar

[shadowwar]

Are these being detected in your build directory? Sometimes incomplete executables will look anomalous to the engine. We recommend excluding the working directory. Also 4.3.0.98 is the latest malwarebytes version. Also the system self learns in about 24 hours. So if you upload to vt it may self correct on the detection. 

Also i suggest you make your file look less like malware. For Example filling out the version info properties like company name and such and also possibly digital signing if possible. 

 

This file is currently whitelisted when i checked it. 

Edited February 22, 2021 by shadowwar

[dashstofsk]

Thanks for your advice.

Borland C++ 5.02 is a more simple tool than Visual Studio C++. It doesn't have separate build and working directories. It just compiles the code and generates an EXE file, the final program. Before I release the programs I scan them through VirusTotal and on my computer with Malwarebytes so I can be certain the AV software that my users have will not complain of a bad program. However, Malwarebytes seems to be the only AV software that repeatedly finds fault with my EXEs.

I have now downloaded version 4.3.0.98 but it still found 'MachineLearning/Anomalous' faults in my executables.

I think it is best for the moment that I just take your advice to add version info details to my programs, and then when the time comes to release a program update I will come back to this forum if I have further problems.

Thanks for your help.

 

[AdvancedSetup]

Just out of curiosity @dashstofsk

Do you need or use updates to 5.02? Do your programs work natively with Windows 10 x64 (I know they're not 64-bit but do they run without anything special?)

 

 

[shadowwar]

If you submit to virustotal and scan it with malwarebytes that will populate the machine learning system. Give it up to 24 hours to learn the file. Then rescan with malwarebytes and virustotal and see if still detected. 

[dashstofsk]

Hello,

Thanks for enquiring about Borland C++ on Windows 10.

The majority of my software development work I do on my desktop under windows XP and using Borland C++ 5.02. Yes I do know these are both old. However, the XP/C++ 5.02 combination has worked well for me for many years and has allowed me to write professional applications, albeit in the classic Windows style. Although I also have Visual Studio 2019 on a Windows 10 laptop my preference is still to develop with XP/C++ 5.02.

I also have the slightly older Borland C++ 5.01 on the Windows 10 laptop. I didn't need any updates - I just installed the compiler from the CD. My computer does give me a warning about unsupported compatibility with 64-bit Windows which I ignore. And some of the resource editing features will not work. However it can compile my programs. I don't know about the 'tools' and scripting features that come with Borland C++ - I have never needed to use them.

I only compile under Windows 10 if I need to generate a version of my program with C++ 5.01. This is because I have noticed that Malwarebytes will sometimes flag a 5.02 compilation of my program as suspicious but not a 5.01 compilation of the same source, which is a bit odd.

Best wishes,

[AdvancedSetup]

Great, thank you for the updated information @dashstofsk