CG: False Positive Submission (Malware.Heuristic.1003)

[CGS]

Hello!
We have checked our software on virustotal and got false positive detections (Malware.Heuristic.1003).
Please check the protected zip file with sample in attachment.
Password for the zip file is “infected” (without quotes).
The archive also contains link to virustotal reports.
Thank you!

MD5    d80774cf1945f9ab114833455b05c5a8
SHA-1    5071c86b389c0c3f0c6105e8bb108a48acaac28e
SHA-256    534ce8fc25a2b0ce7bb0dee0b236dc92176e0f4ed4681905919e3c283cc87df0

vendor_Malwarebytes_2022_02_06.zip

[Porthos]

16 minutes ago, CGS said:

The archive also contains link to virustotal reports.

First you might want to look again at the VT report.

https://www.virustotal.com/gui/file/534ce8fc25a2b0ce7bb0dee0b236dc92176e0f4ed4681905919e3c283cc87df0?nocache=1

The attached file is not detected by the consumer or commercial versions of Malwarebytes in default configuration.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud.

 

[cli]

Thanks for reporting, this should no longer be detected in 10 minutes.