miekiemoes

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal. This file has been whitelisted for our commercial products and it is not detected anymore.

Hi, I don't get a detection on any of the files attached.

Hi, Your files have been whitelisted already 🙂

Hi, I cannot reproduce detection on the MemControl.exe file. Can you attach the detection log please, so we can have a look?

Hi, Please see here for PUP detections: PUP.Optional listings and disputes - File Detections - Malwarebytes Forums

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/ Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hi, If it is not detected locally anymore, than this has been fixed in a meanwhile already. Our engine format and configuration in VirusTotal is different than our products’ default configuration. In VirusTotal we use a command-line engine with more aggressive detection techniques and heuristics which might detect more than the commercial product. This is the norm with other antivirus vendors in VirusTotal as well.

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Thanks for the log, I will hide your post, so others can't see it but you. It's not really a false positive in your case. It's not malware either, but it's rather an alert because of the location the file is in and the scheduled task that assigned to it. Normal programs typically don't run from the downloads folder, but are installed in a different folder (eg, under an appdata/programdata subfolder or program files) and run their scheduled tasks from there instead of downloads. This is since a lot of malware does this from the downloads folder, hence why we need to alert the user about th

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/ Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

The difference is that the PATH environment variable only uses the directories listed there, whereas the app path registry key is more broad if no path defined. Can you check if there's a Path subkey defined for the HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\notepad.exe key in your case? I'll in a meanwhile adjust the detection to make sure it only detects if no path subkey or path is defined there.

Thanks. This isn't really triggered as malware, but as Riskware. That registry location can be exploited, where you can run any program only by typing the name of the program in the run command. We have seen malware making use/abuse of that, where they put a fake notepad.exe (that is malware), so calling notepad would then run the malicious one if one is available. That's why this is always a risk and not really recommended. In your case, it's not malware, just a registry key that has been set, so you can safely ignore this, or put in your exclusion list.

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Hi, Please zip and attach the detection log, as this provides more info than a screenshot.