
False Positive "MachineLearning/Anomalous.95%" on my clean software



My software 'Advanced BAT to EXE Converter' creates EXE files from BAT files. It does not do any harm to computers or data.

Your product falsely detects my program and EXEs created by it as "MachineLearning/Anomalous.95%".

FP_ABF.zip

I sell this software and my paid customers are annoyed with these false positives.

This zip file contains a sample of batch files compiled to EXE with 'Advanced BAT to EXE Converter' and there are thousands of variations of these files. Anything close to these files must NOT be a false positive.

I have included compiled batch scripts in the "COMPILED Batch Files" folder.
And I have included my compiler program files in the "COMPILER" folder.

The compiled EXEs are created from "bfchlp1.dat" and "bfchlp4.dat" from the "Specially flagged files" folder with the encrypted batch file appended at the end. There are also a few bytes overwritten inside of the "bfchlp" files.

Can you please fix this? I have attached files and a virustotal.com link.

VirusTotal link: https://www.virustotal.com/gui/file/271984024a2eb5de6822297cb5e0ce702b8fd67bf84d079dbf1515482104ef57

The sample is in a password protected zip file
The password for the attachment is "infected"



  • Staff


I can't reproduce detection, even after extracting the contents. Are you still getting a detection locally?

Please note, our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.
This will eventually fix itself in VirusTotal as well, as we don't have control over this.


Thanks for the quick response!

I understand that virustotal.com results may differ from consumer version scan results but I received several complaints from my customers. I attached a log from a customer here.


-Log Details-
Scan Date: 9/8/21
Scan Time: 2:32 AM
Log File: a116e6cc-1087-11ec-af0f-00ff5892dae6.json

-Software Information-
Components Version: 1.0.1413
Update Package Version: 1.0.44748
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 442244
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 33 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

File: 2
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\ADVANCED BAT TO EXE CONVERTER PRO V4.11\AB2ECONV411PRO\BFCHLP4.DAT, No Action By User, 0, 392687, 1.0.44748, , shuriken, , 9178B613DF415F4A0402D416B481A01A, 9768E6314711173B1237D500016DFD57BE1E4D382B1A9A83383A99901D1BF2C0
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\ADVANCED BAT TO EXE CONVERTER PRO V4.11\AB2ECONV411PRO\BFCHLP4A.DAT, No Action By User, 0, 392687, 1.0.44748, , shuriken, , 59DC415F4B908D91BA05F1F8D3D5130D, 007AE7C465DF981F25CF04381448E8FFA8C8B911D93F7BA6C5EB1099C06E33AB

