VirusTotal - FPos- Was Malware.Heuristic.1003 Now is Malware.AI.3464644714


Pronamics
Hi Team. 

We design and build applications for many industries.
These applications include Estimation and Project Management software.
Currently, one of our application EXEs is triggering alerts on VirusTotal.com, and we need to have this cleared as the files are safe.
What I am looking for is not only getting this whitelisted, but an explanation as to WHY this is flagged.

EPSnapShot.exe
https://www.virustotal.com/gui/file/a7b2638f795a44ecb3e1fbbc9ac4546ac5061a0e097df4fb9218ba7518cc0651/detection

For the last 2 weeks, MalwareBytes has picked this up as a 1003 error, but as of this morning, we have a new definition. Same file, no changes or recompile our end.
Pre    16.Set.22:    Malwarebytes    Malware.Heuristic.1003
Post     18.Sep.22:    Malwarebytes    Malware.AI.3464644714


While we are certainly looking into signing our source code moving forward, we need to understand what the cause of this trigger is.
Signing will just authenticate us as being a legitimate business, which we are, established in 1997, but not eradicate the engine triggers.
We deliberately obfuscated source code data in order to protect our Intellectual Property. Standard practice for any code written IP.
If AV engines such as yours are flagging us for this practice, what can be done our end to minimise the footprint or flagging triggers?



Thanking you kindly, have a great day.

  • Staff

Thanks for reporting, this will be fixed in 10 minutes.

In regards to the Malware.Heuristic.1003 detection, from Malware.Heuristic.100X Detections and Explanation:

Quote

Malware.Heuristic.100X detection names come from a new aggressive heuristic which detects malformations in PE headers which are typically found in malware and viruses. If a file or application is detected as Malware.Heuristic.100X it does not necessarily mean that the file is malicious. It simply means that its PE structure is similar to that of malware and viruses.

This setting, which can be found under ["Settings > Security > Expert systems algorithms"], is OFF BY DEFAULT.

Since this is still in development, we suggest the following:

Quote

If you are a developer, while building your application, I suggest you exclude the working/building directory from detection via the exclusion settings in Malwarebytes. This since our Anomaly detection might possibly detect some of the files you are building.
Once the application/project is final and ready to be shared with others, in most cases it won't be detected anymore since it won't be triggered as "anomalous" anymore either.

For more information, please read MachineLearning/Anomalous Detections and Explanation.
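
For developers who want to look at their own build's PE headers before release, the following is an added example; it is not part of the original thread and is not Malwarebytes' heuristic. The three structural checks and the constructed sample images are assumptions chosen for illustration; the field offsets follow the PE/COFF format.

```python
import struct

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000  # PE/COFF section flags

def pe_anomalies(data: bytes) -> list:
    """List generic PE header oddities. Illustrative checks only, not a vendor's rules."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing MZ header"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 44 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol table ptr/count,
    # SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    findings, entry_ok = [], entry == 0  # entry 0 is legal for DLLs without an entry point
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        if off + 40 > len(data):
            findings.append("section table runs past end of file")
            break
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        name = name.rstrip(b"\0").decode("latin-1")
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: section is both writable and executable")
        if rsize and rptr + rsize > len(data):
            findings.append(f"{name}: raw data extends past end of file")
        if vaddr <= entry < vaddr + max(vsize, rsize):
            entry_ok = True
    if not entry_ok:
        findings.append(f"entry point {entry:#x} is outside every section")
    return findings

def build_sample(flags: int, entry: int, raw_size: int) -> bytes:
    """Constructed minimal one-section PE image, for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x632A0000, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, raw_size, 0x200, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0") + b"\xCC" * 0x200

CLEAN = build_sample(0x60000020, 0x1000, 0x200)  # read + execute code section
ODD = build_sample(0xE0000020, 0x5000, 0x1000)   # W+X, truncated, stray entry point

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("odd", ODD)):
        print(label, pe_anomalies(image))
```

To run it against a real build, pass the file's bytes, for example `pe_anomalies(open(path, "rb").read())`.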


Thank you

I gave it some time, and checked VirusTotal again, and it is indeed back to the 1003 error. We have had this application in constant development for many years.

EPSnapShot.exe
https://www.virustotal.com/gui/file/a7b2638f795a44ecb3e1fbbc9ac4546ac5061a0e097df4fb9218ba7518cc0651/detection

 

How can we have this error whitelisted so it doesn't show at all, as this is an issue for us.

We need to have the issue resolved ASAP as this has financial and reputation repercussions with our clients.

Appreciate your assistance with this.

Kind Regards.


  • Staff

I scanned the file locally and do not see any detection. It may take some time for VirusTotal to reflect.

Quote

In summary, certain heuristic detections from VirusTotal do not necessarily reflect the detections end-users would see from the Desktop version of Malwarebytes. This is not specific for Malwarebytes, as many other antivirus vendors in VirusTotal have a similar situation, where their VirusTotal cmdline scanner enables aggressive heuristics which are disabled by default in the Desktop product.

These discrepancies typically solve themselves over time, as our files processing and engine training backend picks these files up and marks them as goodware, and VirusTotal clears their cache and re-scans those files.

For more information, please read VirusTotal-only detections, not detected in Desktop product.


Hi Team

Have given this some time since Monday, and there has been no change in the issue of our 2 files being marked as bad.
2 files uploaded separately, then together in a non-encrypted zip file.
Would very much appreciate if you could investigate these files and clear them as OK.
Both files are Installers for our software updates, which we can not put into production until we have them cleared.

Kind Regards and many thanks.


https://www.virustotal.com/gui/file/8a9b7b5b82d58bc6dd6af836f9ebd199c5b884abe63ca031bb298b7592734545/detection
PJT.exe        
Malwarebytes        Malware.Heuristic.1003

https://www.virustotal.com/gui/file/c7d4a729c1b136c945d2e3327c5b11b33239bb8864ee6bcbf7d3d1ba515e85a4/detection
Not Encrypted.support.at.pronamics.com.au.zip
Malwarebytes        Malware.AI.3464644714

https://www.virustotal.com/gui/file/a7b2638f795a44ecb3e1fbbc9ac4546ac5061a0e097df4fb9218ba7518cc0651/detection
EPSnapShot.exe
Malwarebytes        Malware.AI.3464644714


1 hour ago, Pronamics said:

Have given this some time since Monday, and there has been no change in the issue of our 2 files being marked as bad.

 

1 hour ago, Pronamics said:

Both files are Installers for our software updates, which we can not put into production until we have them cleared.

I have seen it take weeks or more to update in VirusTotal. VT has issues reaching Malwarebytes cloud for the updates.
