Jump to content

Malwarebytes started detecting "Malware.AI", this is the only detection


davidv
 Share

Recommended Posts

Hello,

One of components of our product started being detected by Malwarebytes as "Malware.AI" on virustotal.

It shows in some undeterministic manner (once its shown, once it is not). For 64 bit this is the only one detection.

I believe this is a mistake, those files are in safe use since 2019. File is attached below, password is false_positive

I hope this fill be fixed soon.

Best regards
David

false_positive.zip

Link to post
Share on other sites

4 minutes ago, davidv said:

One of components of our product started being detected by Malwarebytes as "Malware.AI" on virustotal.

The attached file is not detected by the consumer or commercial versions of Malwarebytes.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud.

Link to post
Share on other sites

After a few hours of silence the problem is back - both files detected again with the same description.

I am even able to observe similar detection (with different numbers) on number of different files, unrelated to my project / company.

Link to post
Share on other sites

  • Staff

Is this only virustotal? We are aware of the issue and its with virustotal only. They are having trouble reaching our cloud whitelisting and thus showing the detections. We are currently working to resolve this and have some things in testing. No eta at this time. 

 

Link to post
Share on other sites

Yes, with virustotal only.

How about other files that are 1-2 years old, have 0-1 detections on virustotal and started to be shown on virustotal yesterday?

Is current issue affecting only files reported here, or it also affects unreported false detections?

I see that some other files from my other projects are now shown on VT with different "Malware.AI.xyz" numbers starting 2021-04-15 as only detection and I am not sure if I should report them here or there is ongoing issue with such detections and will be resolved automatically?

Link to post
Share on other sites

  • Staff

You can report them here and we can double check them. The AI system most of the time resolves itself within 24 hours but we can be proactive if we have a vt report or file and double check them. Easiest and quickest way would be to give us all the files you want checked in a zip attached here or PM if they are private. I believe most of this was addressed with Miekemoes in the pm though. 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.