tetonbob

You're quite welcome! We apologize for the inconvenience.

Hello again, @prenup Our Research team has confirmed this to be a False Positive. It should no longer be detected. Thank you for your report!

Thank you @prenup and also @Firefox for the assist. We'll turn this over to the Research team for evaluation now. This does appear to to me to be a False Positive. For now, you can add an Exclusion for this file so it's not detected.

Hi @SamVoX - sorry for the delay in response, Support is experiencing a high volume of tickets. You have a reply in your Malwarebytes Support Ticket 2731849 As you have an ongoing Support ticket, and have received a reply, I'll go ahead and close this topic now. Thank you for being a valued Malwarebytes customer!

@prenup - Please zip and attach the file in question after performing the steps detailed by @Firefox Thanks!

It will remain the same for our Release build once it's ready.

@Firefox - yes indeed, a different blue is being used in MB4.

Thanks for your continued feedback, Bill! Keep it coming 🙂

Thanks for your report @BillH99999 - we do have a defect logged for this issue.

Great, thanks for confirming for us, @REGITDept. I'm glad to hear that the FP issue is resolved for you as we expected.

The FP is caused by the Ransomware Protection component reacting (incorrectly in this case) to certain functions being carried out by the live update. You could just exclude this one file, I believe C:\Program Files\Norton Security\Engine\22.19.8.65\NortonSecurity.exe That being said, it's a generally safe practice to use mutual exclusions between multiple security products installed on a single system. And, if you prefer, you can remove the exclusion. But until we release a new component update, you may get another FP.

Hi @Concerned - this was indeed the same false positive. This is a code-side FP and not resolved in the same manner as a database FP. We are working towards a code-side solution but for now the type of workaround you performed would need to be used for this specific type of false positive. We apologize for the inconvenience and ask for your patience.

@Concerned- this is likely a false positive, but to be sure, please provide the log located at C:\ProgramData\Malwarebytes\MBAMService\Logs\MBAMService.log Thank you.

Thanks for the log. It confirms this is a false positive as you expected. The exclusion is the correct workaround. We're aware of a code issue which is causing this type of false positive and are working on devising a solution. We apologize for any inconvenience.

Hi @DSperber - Can you please attach the following file? C:\ProgramData\Malwarebytes\MBAMService\Logs\MBAMService.log