Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

6 Neutral


About pbust

  • Rank

Profile Information

  • Location

Recent Profile Visitors

114,821 profile views
  1. If you don't want to manually have to deal with unquarantining FPs you should run in default configuration. I believe there's a button to "restore to defaults".
  2. Thanks for reporting zimlo. Did you manually enable the "expert systems algorithms" option under the Advanced Settings?
  3. We are pushing changes to the detection logic, but Google publishing process has slowed down considerably. Used to be a couple of hours and nowaday's it's a couple of weeks. But rest assured, it is getting fixed.
  4. Depending on what your app is doing, you might also uncheck WMI abuse.
  5. Try unchecking it for browsers. Also, check under Advanced Settings -> App Behavior Protection and uncheck for Office VBA7 to see if that makes a difference. WARNING: You will be unchecking core protections which are actively abused by malware gangs.
  6. This is a block due to Malwarebytes system-hardening technique. The block should only happen when a page is visited that tries to load the vbscript.dll component. VBScript has been deprecated by Microsoft years ago. It is a gaping security hole and actively abused by web-based exploits and drive-by downloads. If you would like to take the risk (not recommended!) you can disable this hardening technique under the Advanced settings of Anti-Exploit, Application Hardening, "Prevent loading of VBScript Library".
  7. FWIW, .XYZ and .CLUB are fixed. We are still finetuning other gTLDs, so you might still see some aggressive gTLD blocks outside .XYZ and .CLUB. Over the next few days and weeks we'll tackle the rest of the gTLDs.
  8. Thanks for your productive criticism. When I said "completely" above, refers to the problem of near-blanket gTLD blocking, not distinguishing all good from all bad.
  9. We're targeting Monday or Tuesday next week.
  10. As a stop-gap measure, we have implemented an initial whitelist which went live a few minutes ago. We are implementing further mitigating measures and new logic in the next few hours and days which should completely solve the problem.
  11. Like I said above, the Malwarebytes product does not detect the file. The VT detection is irrelevant because those are heuristics and techniques not activated in the product.
  12. It's not a cache issue and it's not possible to do this on a case by case basis. VT scans millions of files per day. Btw, the same thing will happen with most other scanners in VT.
  13. Our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal. This file has been whitelisted for our commercial products and it is not detected anymore.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.