miekiemoes

Hi, Is this the log from the affected endpoint itself? Because this was fixed in database version v2019.06.15.02 already. Can you open the Malwarebytes user interface on the affected client and check there? Alternatively, can you look in the same folder where you got this system log and get the scan log from that endpoint? This should show the exact detection and database version as well.

Hi, Can you check/verify the database version from the affected Client? As this one might still have an older database version. Thanks!

Hi, Normally not, as the machinelearning engine learns from these files and will automatically use additional logic to not detect.

Hi, We weren't detecting any of the files attached. But I've added them to the whitelist for these files only.

Hi, here's a screenshot of how to add exclusions.

Hi, I can't reproduce detection of the files you attached earlier. Can you check if these are the exact same files and re-attach if different? Thanks

Hi, Please zip and attach the files you want analyzed here to this post and we will verify if they are detected as false positives and fix/remove the detection again. Thanks!

Hi, This is a PUP detection, so Potentially Unwanted. Given you want to keep it, Please add what it found, to your exclusions. In order to do so, when it has found the detections, unselect the items you want to remove and then click next. Then you'll get an additional prompt in order to add these to the exclusions.

Hi, This has been fixed. Thanks for reporting!

Glad to hear and thanks for the heads-up!

Thanks. ClassicUO (the ClassicUO.exe file itself) is never triggered by our machinelearning. It's mainly razor.exe. But a next database update should fix this.

Thanks. This might be a different version of razor.exe, than the previous one attached, but I will be able to collect some more razor.exe files for applying a better whitelist for these, in order to cover previous and future versions. Thanks for reporting!

Yes, our detections also apply to the passive/background scanner, mainly when something is launched/executed. But we typically fix false positives immediately, especially if they are related with our machinelearning detection (as minor FPs might always happen with machinelearning engines), so it could have been a one time detection for you only where it was fixed immediately afterwards. Nevertheless, thanks for the heads-up!

Hi, I can't reproduce detection anymore, so this might have been fixed already. Can you rescan again and see if it's still detected? If still detected, can you zip and extract the contents of the archives and scan on them and let me know what exact file is being detected in the archive? This since even extracting these archive files don't yield any detections. Thanks!

Hi, I can't reproduce detection anymore, so this might have been fixed already. Is this file still detected on your end? Thanks!