I'm developing a personal C# .NET project, and some of the DLLs of the project have been detected as positive by the Machine Learning engine (as MachineLearning/Anomalous.100%). Those DLLs are my own code, not external libraries, so I'm completely certain that they are safe.

These are the VirusTotal IDs:

  • 6c98ec4685ca1ff066096d7faa7d83678a49d004f38d565f32915fbef3239bfb -> .NET 6 version of the DLL
  • bbe9007e2d4a61d80f5d8b09df047a6edc5e3eba4531a18b767a523220624563 -> .NET 8 version of the DLL

I submit two reports as I'm currently migrating the project to .NET 8 and both files yield different output on VirusTotal (5/72 for the .NET 6 version and 1/72 for the .NET 8 version), although only the .NET 6 file has been detected as positive by Malwarebytes.

The project is a helper tool for a racing game, and I absolutely can't understand how it can trigger heuristic algorithms.

I'm really interested in knowing what behavior of the app is being detected as suspicious by the ML engine, because this is a project I plan to commercialize in the future and being falsely detected as malware is obviously an unfair handicap.

I'm willing to submit the source code if necessary.

Can you please help me?

 


10 hours ago, blender said:

Hello,

I am not seeing detection when I scan the files. VirusTotal is not showing us detecting either. Decent chance "MachineLearning" fixed it itself.

If a re-scan still shows detection, can you post the log please?

 

Rescanned and still positive, I sent you the log file via message.

Thanks for helping.


  • Staff

Hello again,

Pretty good chance the files I asked for won't be detected either when on my machine. You can send them anyway though so we can mark them as goodware.
 

I'll recommend you add your project/working directory to exclusions. This post explains why and sort of how we use MachineLearning as well as steps you can take to prevent future FP detections.

 


Thank you, I will send the requested files tomorrow. I'm out of town until then.

I know I can exclude those files or the complete directory; what worries me is that it will probably be detected as malware when I distribute the project. I want to understand with your help what behavior of my code is triggering the alert, and be able to correct it.

 
