False Positive on my OAuth tools

[Wallboy]

Hello,

I'm the developer of a Rainmeter Skin that integrates with TwitchTV. I have a couple of AutoIt (au3) GUI tools that Generate/Regenerate an OAuth Token for a users account. These tools have been flagged as MachineLearning/Anomalous.100% by Malwarebytes:

https://www.virustotal.com/gui/file/cc783d6a70a34136fd5363537db6920fdbc169954a3270170aab82b0aecebb59
https://www.virustotal.com/gui/file/f1f3fdb1c3594697822e47e0f23dc05247535e0f8df2243064c7938d385da396

I have attached the exe's in question and can provide the au3 source files if necessary.

false_positives.zip

[cli]

Thanks for reporting, this should be fixed in 10 minutes.

[Wallboy]

Thanks, I don't see this being detected by a local installation of Malwarebytes anymore, however VirusTotal is still showing it detected after Reanalyzing. I'm just going to assume VirusTotal is using an older signature database.

[Porthos]

2 hours ago, Wallboy said:

however VirusTotal is still showing it detected after Reanalyzing. I'm just going to assume VirusTotal is using an older signature database.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud. The whitelisting is done in the cloud.

Edited January 14, 2022 by Porthos