GSVT.zip detected as MachineLearning/Anomalous.95%

[BrianZ111]

According to a user on my website, Malwarebytes is reporting GSVT.zip as malware and as a result is also blocking my site, www.golfsimclubhouse.com.  The file is located at http://www.golfsimclubhouse.com/viper/downloads_other/gsvt.zip

Golf Sim Virtual Tournament (GSVT) is a utility created by another member of the community on my site which I do not believe to be malware.  According to VirusTotal (see link below), Malwarebytes is flagging it with MachineLearning/Anomalous.95% which is a heuristic rather than an actual match on something, as I understand it.

https://www.virustotal.com/gui/file/5f7341e21fc0d450137baf5e58d124ae1053d377707bb07be72b7ec22b67d910

Could you please correct the false positive detection of this file and my site, or if there is an actual match on something to flag the file, let me know so I can remove it from my site.

Thanks,

Brian

 

 

 

[Porthos]

25 minutes ago, BrianZ111 said:

According to a user on my website

I have no issue accessing your site. Can you get a log or screenshot of the blocks from your user.

The referenced file is not detected by the consumer or commercial versions of Malwarebytes.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud.

Edited October 16, 2022 by Porthos

[Porthos]

I have submitted on your behalf a report on the download blocking. The site owner needs to get the download page hosted on a HTTPS server. Firefox blocks the downloads as well

 

Edited October 16, 2022 by Porthos

[BrianZ111]

Sorry my bad on the link, my website does support https, so just add the s and it should work:  https://www.golfsimclubhouse.com/viper/downloads_other/gsvt.zip

[BrianZ111]

I will ask the user to send me an screenshot of the issue he's seeing.  Thanks.

[Porthos]

7 minutes ago, BrianZ111 said:

my website does support https

8 minutes ago, BrianZ111 said:

so just add the s and it should work

Users should not have to do that step just to download something from your site.

[BrianZ111]

I haven’t had any users report issues with https but for some reason now I’m noticing clicking the link I just posted will not download under https but does under http.  All other files on my site download fine under https, so I’m not sure I understand why that would be.  Will wait and see what the user comes back with who reported it to me before investigating further.

[BrianZ111]

OK the link I posted on your forum is being converted back to http even though I put https in the URL.  So actually it's not working with http, which makes more sense.

And I haven't heard back from him yet but I think this may in fact be the issue my user is experiencing as well.  The person who posted the link to the utility on my forum posted it with http in the URL.  So while normally anyone browsing my site using https gets everything in https, this particular link is specifically http when you click on it.  One think I don't understand is, if a browser won't load an http URL, why doesn't it try changing it to https for the user and only fail if the site doesn't support https?

[Porthos]

12 minutes ago, BrianZ111 said:

this particular link is specifically http when you click on it

Everything I tried downloading from your site is blocked due to this issue. If it is hosted directly on your site it will be blocked.

Your entire site is http.

You can install Malwarebytes Browser Guard and test them on your own. It is free.

 

Edited October 16, 2022 by Porthos

[Porthos]

Not every browser forces HTTPS by default. Chrome for example does. Firefox does not.

So as long as your users use a Chromium based browser the block does not exist.

Bet your user uses a Firefox based browser.

 

Edited October 16, 2022 by Porthos

[shadowwar]

this was whitelisted automatically by the engine today. 

[BrianZ111]

Thanks guys.  It seems most users enter my site using https and stay in https but a few don't and they mostly don't have issues either but if they post a link to a file on the site using http and somebody in https clicks on it then it seems to cause an issue.  Eventually I'll setup redirection from http to https on all URLs on my site but for now I've just made everyone aware of the issue.