CMake File Malware.AI Detection

[avocado123]

Dear Malwarebytes team,

Malwarebytes detected a CMake file as malware, which I think is a false positive. The file is called "CMakeCXXCompilerId.exe".

This CMake version comes bundled with Microsoft Visual Studio 2019 and is being used by CLion IDE from JetBrains on my Computer. CMake version: 3.17.5

I've added the log as an attachment.

Kind regards

malwarebytes_log.txt

[cli]

Can you attach the file? Thanks.

[avocado123]

Just now, cli said:

Can you attach the file? Thanks.

Added the file. There's also a source code file in the same directory that I could upload.

 

CMakeCXXCompilerId.zip

[cli]

Thanks for reporting, this will be fixed in 10 minutes.

[avocado123]

Just now, cli said:

Thanks for reporting, this will be fixed in 10 minutes.

The uploaded file doesn't get detected anymore on my PC. However, whenever I create a new project in the CLion IDE, "CMakeCXXCompilerId.exe" gets compiled from source and gets detected as Malware.AI again. The only difference between the files that I could find is the compilation date stored in the PE header and somewhere else in the binary, which breaks the signature I guess?

I've attached the log and and the file from a newly created project.

CMakeCXXCompilerId_second_file.zip malwarebytes_second_log.txt

[cli]

I see. This was detected by our machine learning engine. We advise developers to add their working/building directory to their Allow List to keep these detections from happening. The software typically will no longer be detected by the time the project is finalized, but if it is please let us know.

For more information, please read MachineLearning/Anomalous Detections. 

Thanks.