Yeah, that’s the frustrating part, it could be either way. Could be based on a heuristic analysis that recognized a pattern associated with malware (that may be based on the malicious parts of the code or maybe some big data algorithm associated otherwise innocent code with the malicious software and flags anything with similar code), maybe it’s just some string match (i.e. a bad attempt but maybe in good faith), or maybe they are using the malicious code removal tool to also target code that the user wants but MS considers malicious to their desire to make money.
IIRC, it’ll say what it matches it to but from what I remember, the actual details remain vague. Like it seems to be at a “report information that sounds useful to managers” level rather than a “report useful technical information for engineers who want to understand what’s happening at a low level”. So you get the malware name but nothing about what that malware does or how this current flag associated it with that.