Jump to content
Kaspersky Support Forum

False positive regarding MAME exe, please fix this.

voorhees_13

By voorhees_13
in Kaspersky Total Security

 Share

Recommended Posts

Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @voorhees_13

Welcome back!

  • Check the detected object using Kaspersky Open Threat portaland select the Submit to reanalyze option, add your email address & comments to send to Kaspersky experts for further analysis.
  • Log a case with Kaspersky Technical Support, fill in the template as in our image; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, images & or video: if they help explain the problem & the URL/link to this Community topic: Support may request Logs & or other system data, they will guide you if necessary:

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.
  • Please share the outcome with the Community when it’s available? 

 

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites
voorhees_13

voorhees_13

Posted
  • Author
Posted

Hello @voorhees_13

Welcome back!

  • Check the detected object using Kaspersky Open Threat portaland select the Submit to reanalyze option, add your email address & comments to send to Kaspersky experts for further analysis.
  • Log a case with Kaspersky Technical Support, fill in the template as in our image; zip the .exe file, name the zip archive malware, or infected & protect the zip archive with a password, add the zip archive to the request; add the password to the request; in the problem description provide a detailed history, images & or video: if they help explain the problem & the URL/link to this Community topic: Support may request Logs & or other system data, they will guide you if necessary:

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.
  • Please share the outcome with the Community when it’s available? 

 

Thank you🙏

Flood🐳+🐋

 

I had already just deleted everything in the folder off my pc, is it possible to still go ahead with the case? Kaspersky will just auto quarantine the .exe and I won’t be able to upload it.

Link to comment
Share on other sites
voorhees_13

voorhees_13

Posted
  • Author
Posted

Hello @voorhees_13

Thank you for posting back👌

On the Windows Taskbar, rightclick the Kaspersky icon, select Pause protection

 

 

Thank you🙏

Flood🐳+🐋

 

The file was too large to be uploaded normally, and it detected as malware even through the .rar I uploaded it as, and every time I tried to send the object for re-validation, it throws me an error.

Link to comment
Share on other sites
  • 3 months later...
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

@Flood and Flood's wife

MAME’s latest official builds are always posted here: https://www.mamedev.org/release.html

Though this false positive also affects any alternate builds made by others, using the publicly available source (being an open-source project).

Hello @ICEknight

Thank you. 

Kaspersky need the file @voorhees_13’s is working with. 

Flood🐳+🐋

Link to comment
Share on other sites
ICEknight

ICEknight

Posted
Posted

@Wesly.Zhang @Flood and Flood's wife 

I got that false positive today (with the exe getting automatically quarantined after just opening the folder it was in), with the “mame230_32bit.7z” build which can be downloaded from here:  https://drive.google.com/drive/folders/1eiNztWEpk0C7CiiZXz0SMDM_eJOmb0FO

It seems to have been randomly happening with certain builds for some time now, as can be read in this discussion from January, which also gives some hints on its possible reasons: https://forums.bannister.org/ubbthreads.php?ubb=showflat&Number=118317

 

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

@Wesly.Zhang @Flood and Flood's wife 

I got that false positive today (with the exe automatically quarantined after just opening the folder it was in), with the “mame230_32bit.7z” build which can be downloaded from here:  https://drive.google.com/drive/folders/1eiNztWEpk0C7CiiZXz0SMDM_eJOmb0FO

It seems to have been randomly happening with certain builds for some time now, as can be read in this discussion from January, which also gives some hints on its possible reasons: https://forums.bannister.org/ubbthreads.php?ubb=showflat&Number=118317

 


Hello,

Do you use a x86 OS?

Regards.

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

@Flood and Flood's wife

MAME’s latest official builds are always posted here: https://www.mamedev.org/release.html

Though this false positive also affects any alternate builds made by others, using the publicly available source (being an open-source project).

Hello @ICEknight

Apologies, we had no idea, from your original post, you were also affected by the issue😥
Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

 

Do you use a x86 OS?

 

Yes, though I don’t think the others who reported this do.


Hello,

Could you give me a offical download source? I see the offical website, but I can not find a x86 build.

You have a x86 OS, maybe you can download a x86 version. Please give me the download url for 32 bit build. I cannot access google cloud because of national policy. Sorry

Regards.

Link to comment
Share on other sites
ICEknight

ICEknight

Posted
Posted

 

Could you give me a offical download source? I see the offical website, but I can not find a x86 build.

You have a x86 OS, maybe you can download a x86 version. Please give me the download url for 32 bit build. I cannot access google cloud because of national policy. Sorry

 

There’s no official 32 bit builds anymore. I’ve reuploaded it here: https://file.io/xLdLyXjKerAp

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

@Wesly.Zhang

You have all previous official releases in this link, including 64 and (old) 32 bit binaries: https://www.mamedev.org/oldrel.html


Hello,

I have received the sample you provided to me. As I think (maybe I may not have looked at all the assembly code, because this file is really big. ), this is a false positive. But This point needs to be confirmed by the KL virus lab. The relevant file has been submitted and are waiting for their confirmation. (INC000012750277)

If they reply any information, I will post here.

Regards.

Link to comment
Share on other sites
Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello,

A new information : KL confirm it is a false positive. It will be fixed related to https://file.io/xLdLyXjKerAp sample.

Regards.

 

Thanks, any word if they’ll fix it so that the false positive won’t happen with previous and newer (monthly) versions?


Hello,

I am not sure. If the newer version occur again, Please sent the detected object to KL support or sent a e-mail to china-support@kaspersky.com.

Regards.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...