shadowwar

Staff
About shadowwar

  • Rank
    Forum Deity

  1. HardOCP.com & HardForum.com Blocked

    Database is out. Fixed as of 1.0.3462.
  2. HardOCP.com & HardForum.com Blocked

    Kyle, I was able to investigate with the web team lead. This will be removed shortly. Thanks for reporting this. There is no way your site should have been swept up in the block of hashflare. It does have to do with Cloudflare and we are investigating why this happened. Thanks for the report. Should be fixed within the hour.
  3. HardOCP.com & HardForum.com Blocked

    Hi Kyle, long time lurker at your site. Love it myself. I am on there now and don't see this. Is it maybe a specific post or something, or can you instruct me on how to duplicate it so I can track this down and get the right person on it? Thanks!
  4. microsoftonline.com Blocked

    Correct, if you are getting this please update. This has been fixed in the latest database updates.
  5. You will see a decrease in the size of our main MBAM database since December 1st, as we optimized it for performance. Other than a slight boost to scan times and fewer counts in your scans, you should not see any other changes.
  6. Possible False Ransomware Warning

    This is more than likely a false positive. Can you zip the file being quarantined and also attach the mbamservice.log that is located here: C:\ProgramData\Malwarebytes\MBAMService\LOGS
  7. false positive

    These are not false positives. Please see this post on how to get them removed.
  8. If you could PM me some of the files you are creating so I can see what is happening against our system, it would be appreciated. We did, over the past weekend, adjust the model for what you were writing in. A valid signature does help a decent amount, but we do not blanket whitelist based on signature. If you can get me a set of samples you are currently developing and they are still detected currently, I can get this to the Shuriken devs and see what needs to be done. Thanks!
  9. Not sure we are on the same page here. PECompact is also mostly used by malware. mangle.exe is not normal, as it's packed by PECompact:
     https://www.virustotal.com/en/file/2827e821353ff1b20c33bfd9e5fee88cab3aa1b92ce4da59dfae821bc2528873/analysis/1511839651/
     Packers identified:
       F-PROT: PECompact, PecBundle
       PEiD: PECompact 2.xx --> BitSum Technologies
     test wipe__protected.exe is Enigma packed; kp.exe is PECompact; DDT nice.EXE is PECompact.
     Your log, though, has more files than what was submitted inside the zip:
       PB SKYFRAME\GEN APPS\CREP FNV HASH CONVERTER\BMT.EXE
       NOT SO GOOD PROGS\TRASH PE\TRASH PE.EXE
     If you want to PM me the zip, I can work on filtering these out also. We have been adjusting our models over the past couple of weeks. We have made adjustments to detect more, but that of course requires some adjustments to filter out FPs on rarely occurring files. Just to note, we don't necessarily detect these as malware, just more as an anomalous file because of its construction. This is what this detection name is: MachineLearning/Anomalous.100%
  10. Inappropriate block

    Yep, you're up to date if it says current.
  11. Inappropriate block

    This should already be fixed. Please update your database and it should no longer be detected.
  12. Part of the reason you are having issues with the signatureless detection is the Enigma packing and other tools you are running on your files to protect them from cracking. This is exactly what malware does to try to protect its files from being reversed. Just for example:
      vmtest.exe https://www.virustotal.com/en/file/4592f0a0590d3c9d79159e787bfdadc76b1ee9bf62cdecf617bf827268375003/analysis/1511892003/
      vmtest_protected.exe https://www.virustotal.com/en/file/76c0c5a903c48f72d68b01104e691cee34598d0bbc17d85f53b80baa265d3e3b/analysis/1511839347/
      See the difference in the amount of detections? Enigma isn't such a great packer to use on a legit piece of software, because mostly malware uses it. It also adds a lot of anomalies to a file. That being said, any of the files you submitted above have been added to the whitelist. We also adjusted our model a bit for these types of files.
  13. Potential false positive detection

    Thanks for reporting. This should no longer be detected.
  14. Potential False Positive

    Fixed in MBAM2 Version: v2017.11.20.08; MBAM3 Version: 1.0.3304