jan-glx / accelSwitch

small tool to toggle mouse acceleration / enhance pointer precision on Windows
MIT License

False positive detections by Antivirus software (e.g. Malwarebytes) #6

Open alelom opened 4 months ago

alelom commented 4 months ago

As reported:

MachineLearning/Anomalous.95%, C:\USERS\username\DOWNLOADS\ACCELSWITCHER.EXE, 
No Action By User, 0, 392687, 1.0.84142, , shuriken, , 131A24E20DEF816EC0E2FA54841607A2, 
59F3F40A20E28A4E18FAAD760128080033A9CF3F29FCD725AD0DB017A7763809

jan-glx commented 4 months ago

Thanks for the report @alelom. The classification MachineLearning/Anomalous.95% indicates that this is just based on the fact that accelswitcher does not look like your typical GUI/CLI program. I just checked the latest release (md5sum 69150327e7a19faf483892a828fa374d) on VirusTotal: https://www.virustotal.com/gui/file/65d6cf5716099640f8115313b0f9fe58e6ce02b93535634006d0b473a8ccc8e4 where it gets flagged by 2/72 by some "AI" criterion. So if you are sure the file is downloaded from here / the hashes match, then it is certainly fine.

You can verify the source here and the build process at https://ci.appveyor.com/project/jan-glx/accelswitch/build/job/kqgwyhbjlhjatks6 (Continuous integration for Accelswitch was implemented before GitHub Actions was a thing and AppVeyor still is a reputable company. Since having the build process here on GitHub would make this easier to verify, I would welcome a PR to move it here.)

I have no interest in working with commercial antivirus developers to improve their product, but please feel free to engage with Malwarebytes on the project's behalf to get Accelswitcher whitelisted.

Do you have any tips on what I could do on my side to avoid such false positive flags in general? I heard signing the executables would not really help.

alelom commented 4 months ago

> I have no interest in working with commercial antivirus developers to improve their product, but please feel free to engage with Malwarebytes on the project's behalf to get Accelswitcher whitelisted.
>
> Do you have any tips on what I could do on my side to avoid such false positive flags in general? I heard signing the executables would not really help.

Understandable. Thank you for the clarification too, I only guessed it may have been something like that. Being reported by ML, I also doubt that signing the executable would help, unless the model looks for that too.
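
The hash check suggested in the maintainer's reply, as an added example that is not part of the thread or the project's code: it pulls the MD5 and SHA-256 out of the pasted detection record and compares them with the latest-release hashes quoted in the reply. The function names are hypothetical; run on the values in this thread, the record's hashes differ from the latest release, so the comparison has to be made against the release that was actually downloaded.

```python
import hashlib
import re

# Latest-release hashes as quoted in the maintainer's reply (the MD5 and the
# SHA-256 that appears in the VirusTotal URL).
RELEASE = {
    "md5": "69150327e7a19faf483892a828fa374d",
    "sha256": "65d6cf5716099640f8115313b0f9fe58e6ce02b93535634006d0b473a8ccc8e4",
}

# Detection record as pasted in the report, joined onto one line.
REPORT = (
    r"MachineLearning/Anomalous.95%, C:\USERS\username\DOWNLOADS\ACCELSWITCHER.EXE, "
    "No Action By User, 0, 392687, 1.0.84142, , shuriken, , "
    "131A24E20DEF816EC0E2FA54841607A2, "
    "59F3F40A20E28A4E18FAAD760128080033A9CF3F29FCD725AD0DB017A7763809"
)

HEX_LEN = {32: "md5", 64: "sha256"}  # hex digest length -> algorithm

def hashes_in_record(record):
    """Extract MD5/SHA-256 digests from a comma-separated detection record."""
    found = {}
    for field in (f.strip().lower() for f in record.split(",")):
        if re.fullmatch(r"[0-9a-f]+", field) and len(field) in HEX_LEN:
            found[HEX_LEN[len(field)]] = field
    return found

def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunks; returns the same dict shape as above."""
    md5 = hashlib.md5(usedforsecurity=False)  # only for cross-referencing
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk_size):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def compare(candidate, release=RELEASE):
    """'match' requires an equal SHA-256; an MD5 on its own is 'unverified'."""
    if "sha256" not in candidate:
        return "unverified"
    if candidate["sha256"] != release["sha256"]:
        return "mismatch"
    # A differing MD5 beside a matching SHA-256 means the record is inconsistent.
    return "match" if candidate.get("md5", release["md5"]) == release["md5"] else "mismatch"

if __name__ == "__main__":
    print(compare(hashes_in_record(REPORT)))
```

For a file on disk, pass the result of `hash_file(path)` to `compare` together with the hashes published for that specific release.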