miekiemoes

Normally it should be OK and not detected anymore, as I got the above file. Unless the detection pops up again (who knows on a slightly different version), then please zip and upload the file (only the actual detected file and not the installer, as that makes it easier for us). I know this file is quite big (a 40-ish MB), so it probably won't allow to attach. So just use dropbox or any other similar filesharing interface for this. But normally, detection shouldn't happen anymore.

You're most welcome

Hi, This update will be delivered in the background.

Hi, I Installed, collected the sample and fixed the false positive, so this should no longer be detected anymore. As an additional note, we have an updated build for our AntiRansomware in a meanwhile which is more finetuned in order to detect better + also reduces False Positives in general, so this should also help.

Hi, Yes, figured that out already based on the filepath in above Please give me a few, as I need to install it on a seperate machine.

Hi, We just needed this file: C:\Program Files\FirestormOS-Releasex64\FirestormOS-Releasex64.exe This to avoid any confusion. But the installer works as well. But we then need to install it in order to collect that file.

Hi, Can you please zip and attach the file that was unquarantined? As I have not received it yet (from previous reply). Please see the instructions in above. As an additional note, a new component Update will go out soon for the Antiransomware protection where some of the above and similar FPs will be reduced and detection will be finetuned. Thanks!

Hi, I've sent you a private message with the reasoning why this is triggered.

Hi, Thanks for reporting. After a discussion with my team, this doesn't appear to be a false positive. Please see here for more info: If you believe your program is incorrectly classified based on the following criteria www.malwarebytes.com/pup, please contact pup AT malwarebytes DOT com. Only questions submitted to this email address will be reconsidered. Thanks!

Thanks. Seems they compressed fine, so it was able to attach. Someone will look into this shortly

Hi, We would love to get some additional files from you (the .arw captures) Can you also zip the folder ARW present in the C:\ProgramData\Malwarebytes\MBAMService folder? This file (zipped folder) might be too big to attach here, so can you upload it somewhere, so we can collect it easily? Thanks!

Hi, Yes, I asked someone from our Anti-ransomware team to give some more insight why the trigger happened.

Hi, I can't tell for sure, but it's possible why this is triggered.

Thanks. This helps to finetune the engine. Let me know if this is still detected. If so, please make sure/verify it's the correct GSBPArmyEditor.exe you sent, this since the one you attached doesn't seem to have the same exact checksum as in the log you attached.

Hi, The antiransomware engine is behavior detection, so it was probably triggered by file-modification/injecting in different files etc etc. Please zip and attach the actual file that is detected + the Mbamservice.log which is located in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS Thanks!