===> False Positives <===

[Mops21]

Hi Mops21,

Thanks for your feedback.
Theses files are all false positives, currently detected by MalPE detection engine (still in beta).

Could you please make an archive containing a copy of all of them and attach it with your next reply ?
Analysing them, will help us improving the detection accuracy.

Regards.

Hi

Thank you very much for your Infos

I will send you the Files part via part to you

https://www.sendspace.com/file/ohf7av

With best Regards
Mops21

[Curson]

Hi Mops21,

Thank you very much.

Regards.

[Mops21]

Hi

Here are 2 more Samples for you

https://www.sendspace.com/file/eyfi17

Can you add a submitz Files Button into the Rogue Anti-Malware please
And you can add a function to pack all detected Files into a zip Folder please for send them via email or via forum

With best Regards
Mops21

[Curson]

Hi Mops21,

Thanks for your feedback.
We will add your suggestion to our roadmap.

Regards.

[Mops21]

Hi

Thank you very much for your Infos

Here is the Scanlog of the Files

And can you add this Option or function to Rogue Anti-Malware please

Can you add a go to the detected Filepath of the File please

With best Regards
Mops21

[Curson]

Hi Mops21,

You are welcome.
This will be added to the roadmap as well.

Regards.

[Lemonsfluffynoodles]

Hi I just had a detection with google chrome called MalPe.99 somehow I deleted the scan log, but thought I would post anyway, is this a false positive?

[Curson]

Hi Lemonsfluffynoodles,

Thanks for your feedback.
Without the scan log, it's not possible to tell, but there is a high probability that was a false positive.

Regards.

[Cdew112]

hey ran into this yesterday equilizer.apo  is from fileforge which is legit. MWB and HMP didnt pick this up so not sure if false-positive or not.

[Curson]

Hi Cdew112,

Welcome to Adlice.com Forum.
This is indeed a false positive. It will be whitelisted as soon as possible.

Regards.

[Lemonsfluffynoodles]

Hi Is this a false positive ?

[Curson]

Hi Lemonsfluffynoodles,
​
Yes, these are false positives.

%localappdata%\Temp\7zS9460.tmp\N2080_FW_Upgrade_Tool_V003\GPCIDrv64.sys
%localappdata%\Temp\7zS9460.tmp\N2080_FW_Upgrade_Tool_V003\GPCIDrv64.sys

RogueKiller automatically detects loaded modules located in temporary folders as [Suspicious.Path].

%localappdata%\SLR VR Application\SLR_Data\Managed\SteamVR_Actions.dll
%localappdata%\SLR VR Application\SLR_Data\Managed\SteamVR.dll
%localappdata%\SLR VR Application\SLR_Data\Managed\Assembly-CSharp.dll

​​You have enabled RogueKiller MalPE engine, which uses a predictive AI model. The engine is still is in beta state and prone to false positives detection, like in your case.
For the time being, it's advised not to use it unless you know what you are doing.

Could you please make an archive of the three files listed above and attach it with your reply ?
Analysing thoses files will help us improve the MalPE engine.

Regards.

[techknowledge]

%ProgramFiles%\Pulseway\*.ps1
All of my powershell scripts that are running get killed by roguekiller.

roguekillercmd arguments: -scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact

Thank you for your time!

[Curson]

Hi techknowledge,

Welcome to Adlice.com Forum and thanks for your feedback.
Could you please attach a scan report with your next reply ?

Regards.

[eurekaa]

A false positive error, or in short a false positive, commonly called a "false alarm", is a result that indicates a given condition exists, when it does not.