Jump to content

False Positive reporting

Wonderdollar

By Wonderdollar
in File Detections

 Share

Recommended Posts

Wonderdollar

Wonderdollar

Posted
Posted

I use VISUAL TAX Software for over 10 years for making income tax returns. Malwarebytes never ever had any problems with the file. However, yesterday when I scanned, it reported 4 files as malware. I thought it was weird but just to check what happens, I quarantined those file. Now I can not even use the software on my machine. The files have been reported as false positive by Malwarebytes as these are genuine files with a genuine software. I am pasting details of the files here and attaching a pdf file with details and would request you to let me know how I can mark them safe and use the software again.

All 4 files mentioned as Machine Learning/Anomalous 100%. Details below

 Type                                                 Location                                                                           Action

Process                            C:\VT-2022\VT2022.EXE                                                        QUARANTINED

Process Module             C:\VT-2022\VT2022.EXE                                                          QUARANTINED

File                                 C:Documents and Settings\Desktop\VT-2022.Ink                  Delete-on-Reboot

File                                C:\VT-2022\VT2022.EXE

 

Please do the needful.

Thanks.

False Positive by Malwarebytes.pdf

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation:


Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. But we wold need the file in order to have it retrained and added to our whitelist. So can you zip and attach the VT2022.EXE  file please? 

Link to post
Share on other sites
Wonderdollar

Wonderdollar

Posted
  • Author
Posted
8 minutes ago, miekiemoes said:

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation:


Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. But we wold need the file in order to have it retrained and added to our whitelist. So can you zip and attach the VT2022.EXE  file please? 

14 minutes ago, Wonderdollar said:

I use VISUAL TAX Software for over 10 years for making income tax returns. Malwarebytes never ever had any problems with the file. However, yesterday when I scanned, it reported 4 files as malware. I thought it was weird but just to check what happens, I quarantined those file. Now I can not even use the software on my machine. The files have been reported as false positive by Malwarebytes as these are genuine files with a genuine software. I am pasting details of the files here and attaching a pdf file with details and would request you to let me know how I can mark them safe and use the software again.

All 4 files mentioned as Machine Learning/Anomalous 100%. Details below

 Type                                                 Location                                                                           Action

Process                            C:\VT-2022\VT2022.EXE                                                        QUARANTINED

Process Module             C:\VT-2022\VT2022.EXE                                                          QUARANTINED

File                                 C:Documents and Settings\Desktop\VT-2022.Ink                  Delete-on-Reboot

File                                C:\VT-2022\VT2022.EXE

 

Please do the needful.

Thanks.

False Positive by Malwarebytes.pdf 263.09 kB · 1 download

Thanks for the quick reply.

I had attached a pdf file with the details earlier. Now I have downloaded the text file with more details from Malwarebytes and it is attached here again to provide you a better idea. However, is it possible to reverse the action taken by me so that I can access my software.

 

Please advise.

 

Thanks

 

Malwarebuytes False Positive.txt

Link to post
Share on other sites
Wonderdollar

Wonderdollar

Posted
  • Author
Posted
26 minutes ago, Wonderdollar said:

I use VISUAL TAX Software for over 10 years for making income tax returns. Malwarebytes never ever had any problems with the file. However, yesterday when I scanned, it reported 4 files as malware. I thought it was weird but just to check what happens, I quarantined those file. Now I can not even use the software on my machine. The files have been reported as false positive by Malwarebytes as these are genuine files with a genuine software. I am pasting details of the files here and attaching a pdf file with details and would request you to let me know how I can mark them safe and use the software again.

All 4 files mentioned as Machine Learning/Anomalous 100%. Details below

 Type                                                 Location                                                                           Action

Process                            C:\VT-2022\VT2022.EXE                                                        QUARANTINED

Process Module             C:\VT-2022\VT2022.EXE                                                          QUARANTINED

File                                 C:Documents and Settings\Desktop\VT-2022.Ink                  Delete-on-Reboot

File                                C:\VT-2022\VT2022.EXE

 

Please do the needful.

Thanks.

False Positive by Malwarebytes.pdf 263.09 kB · 1 download

Hi,

I am not sure which file you want me zip file and attach it. I have done a zip file for the details provided by Malwarebyte and am attaching the same. Please confirm if you are looking for this information. However, my question remained unanswered. Can I undo the action taken by Malwarebytes for quarantining and deleting the files.

Malwarebuytes False Positive.zip

Link to post
Share on other sites
Wonderdollar

Wonderdollar

Posted
  • Author
Posted (edited)

Hi,

I undid the quarantine and my tax software has started working. Thanks.

As required, I have converted the VT2022.EXE file in to a zip file but even the zip size is too big to attach here. If you provide me an email address, I can send the zip file there. Or, you can download the said file from the VISUALTAX website  

https://visualtax.com/

 

Thanks once again for your help.

Edited by AdvancedSetup
Disabled live hyperlinks
Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Thanks. I've installed it from the site, but the VT2022.EXE I had isn't the exact same one as you have (but there might be many different ones). I see that we also detect some older ones, so I will look at these and see if I can whitelist so future versions won't be detected either.

This will be applied in next database update.

For now, please create an exclusion for the VT2022.EXE file, otherwise it will be detected again when you relaunch it, until next database is out: https://support.malwarebytes.com/hc/en-us/articles/360038479234-Exclude-detections-in-Malwarebytes-for-Windows (exclude file or folder option here)

Link to post
Share on other sites
Wonderdollar

Wonderdollar

Posted
  • Author
Posted
6 minutes ago, miekiemoes said:

Thanks. I've installed it from the site, but the VT2022.EXE I had isn't the exact same one as you have (but there might be many different ones). I see that we also detect some older ones, so I will look at these and see if I can whitelist so future versions won't be detected either.

This will be applied in next database update.

For now, please create an exclusion for the VT2022.EXE file, otherwise it will be detected again when you relaunch it, until next database is out: https://support.malwarebytes.com/hc/en-us/articles/360038479234-Exclude-detections-in-Malwarebytes-for-Windows (exclude file or folder option here)

Thanks.

I am now attaching a zip file from my laptop after undoing the quarantined items. It says application file. Maybe this is the one you are looking for?

Please confirm.

 

vt2022.zip

Link to post
Share on other sites
Wonderdollar

Wonderdollar

Posted
  • Author
Posted

I have uploaded the application file and maybe that is the one you are looking for.

Right now my software is working. So, even if I run Malwarebyte and it detects these files again and ask to quarantine, I will not do it and ignore it. I hope that would keep the status quo till such time the files are whitelisted in your system.

 

Thanks

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.