
Lots of Malware.Heuristic.1003 false positives on my programs.


chrislong2

Whatever this "Malware.Heuristic.1003" advanced heuristic is looking for, it has a major flaw because it is flagging pretty much all of my programs:

https://www.simpledatabackup.net/downloads/SimpleDataBackup10.exe

https://www.simpledatabackup.net/downloads/SimpleDataBackup10-3GA.exe

http://ssesetup.com/downloads/SSESetup10-4.exe

http://ssesetup.com/downloads/TextMorph34.exe

http://ssesetup.com/downloads/EZSignIt41.exe

While a whitelist is appreciated, you need to solve your wrong detection criteria that is causing this so this doesn't reappear when I next release new versions etc.

I suspect since it is flagging these, it is also specifically flagging all other SSE Setup created installers as well.

Chris Long, SSE Setup, www.ssesetup.com


3 minutes ago, chrislong2 said:

Whatever this "Malware.Heuristic.1003" advanced heuristic is looking for, it has a major flaw because it is flagging pretty much all of my programs:

The listed files are not detected by the consumer or commercial versions of Malwarebytes.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal, Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in VirusTotal as well, as Malwarebytes has no control over this. VirusTotal is having trouble reaching the Malwarebytes cloud.

 


The whitelisting of digital signature should help me personally and I thank you, however, it still means that your heuristic is going to flag all other SSE Setup created installers (SSE Setup is a program installer other developers use too). I understand to Porthos' point that this detection does not occur in default configuration, however it can be made to use this heuristic and thus do this false detection. I suspect either this heuristic is incorrectly weighting VB6 executables or the 7-zip self extractor that SSE Setup created installs use. In either case, neither of those should be causing an assumption of "guilt" for an executable, no matter how aggressive the heuristic is. I would humbly ask this be looked into by your development team. Thank you.

Chris Long, SSE Setup, www.ssesetup.com
