Getting a false positive on my binary built by Visual Studio 2019 in 2 locations.

1. When used as a part of IDE (below)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 09/10/2021
Protection Event Time: 21:06
Log File: 72a4db1e-293c-11ec-ad75-3417eba1c3bd.json

-Software Information-
Version: 4.4.7.134
Components Version: 1.0.1464
Update Package Version: 1.0.45702
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.95%, D:\dev\framework\Ethereal3\MetalMynds.Ethereal.UI.Winpf\bin\Debug\net5.0-windows10.0.19041.0\MetalMynds.Ethereal.UI.Winpf.dll, Quarantined, 0, 392687, 1.0.45702, , shuriken, , 62EA9947D3F945784A79B852FFC84EF3, 6DD7332BEC29FE8AA76C8C691290AB409B6B992FFB5626BD3F555780A3AF35EB


(end)

2. When executed by IDE.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 09/10/2021
Protection Event Time: 21:25
Log File: 1c8eeba4-293f-11ec-98f8-3417eba1c3bd.json

-Software Information-
Version: 4.4.7.134
Components Version: 1.0.1464
Update Package Version: 1.0.45702
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.95%, D:\dev\framework\Ethereal3\MetalMynds.Ethereal.UI.Winpf\bin\Debug\net5.0-windows10.0.19041.0\MetalMynds.Ethereal.UI.Winpf.dll, Quarantined, 0, 392687, 1.0.45702, , shuriken, , 62EA9947D3F945784A79B852FFC84EF3, 6DD7332BEC29FE8AA76C8C691290AB409B6B992FFB5626BD3F555780A3AF35EB


(end)

Problem for me:

There is no facility to ignore a specific file, and as the file and filename are part of the SDK (above net5.0-windows10.0.19041.0) it's not really practical to have both of the items in the allowed list.

Work around

1: Allow List. Broken very easily!

2: Disable Malware Detection! It works and I want it to continue!

Any suggestions? Dave


I would exclude the following folder: D:\dev\framework\Ethereal3

After you exclude it, see the following screenshots.

Perform a scan on your D drive and then at the end, when it shows the list of detections, if any, uncheck any item that you do not want removed and click Next. When prompted on what to do with the remaining unchecked items, select Ignore Always and they will be added to your exclusions and will no longer be detected by future scans.

image.png.b8e7dc0df61523cb6aa2c1f8f15430a6.png

image.png.78736019da0c7dbe29f7e327066f257c.png

 

Edited by Porthos

Hey,

I have tried the actions above but I don't see any detections even when I have restored quarantined binaries explicitly, as a build/run is automatically quarantined.

The previous post showed the logs for the same file but it also exists in another location; each location contains the same file.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/10/2021
Protection Event Time: 00:13
Log File: 85982630-2956-11ec-bbb7-3417eba1c3bd.json

-Software Information-
Version: 4.4.8.137
Components Version: 1.0.1474
Update Package Version: 1.0.45710
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
MachineLearning/Anomalous.95%, C:\Users\craze\AppData\Local\Microsoft\VisualStudio\16.0_cddb33b1\Designer\Cache\1-396430107x64DA\MetalMynds.Ethereal.UI.Winpf.dll, Quarantined, 0, 392687, 1.0.45710, , shuriken, , 8DBB1BE6156EC3262E3800F85C4A5C5E, DA92C4E401A208D24B484D0E3D26736D3B83906C87E518F4CE91DBCC8ED043C0


(end)

 
