Closed MU-03 closed 3 months ago
CAPE is made to analyze malware. If you see FP signatures, you are welcome to fix those; they are in the community repo. But if a legit binary does something that malware does too, we can't do anything.
malscore is not enabled by default in cape - for good reason.
Also, like doomed says, the level of detail in this issue is ridiculous. Not even an example!
For example, this signature appears to be in every single file analyzed; it appears to be from Suricata after a bit of digging
Well we can't control it
So I have found literally nothing by googling "udp scan by nmap terdeteksi!". I never saw this signature (nmap) in my sandbox. I have a feeling that you have a bad Windows configuration. But once again, the quality of details of the issue is bad. Instead of this, or as an extra, you could from network tab then suricata and where you have all the details about that match so we could see what generates that match. But quality of issue details == quality of response.
About accounts on capesandbox.com
This is open source and you are getting free support so be friendly!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
Expected Behavior
Getting low/appropriate signatures for legit files
Current Behavior
Getting 10 malscore for every file I'm analyzing, including the legitimate/safe ones, with signatures that shouldn't be there as the file is not malware. It's happening with every file type, including xls, word, exe, etc.
Failure Information (for bugs)
Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.
Steps to Reproduce
Please provide detailed steps for reproducing the issue.
Context
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions. Operating system version, bitness, installed software versions, test sample details/hash/binary (if applicable).
$ git log | head -n1
to find out
Failure Logs
Please include any relevant log snippets or files here.