shadowwar

Thanks for reporting. This should no longer be detected.

The file that caused this is located here: hxxp://downloads.enviromint.com/temp/k3x0prxh/maxwelleliterealtydealmanagerfiledownloader.exe We have verified it isnt malware and will be removing the block next update. Just so you know a lot of Av's detect this. https://www.virustotal.com/gui/file/ffd19a2394a58573bd37a62546b8de8f349a8366a92f2af37714d4e8982e1cf9/detection

This should no longer be detected. Thanks for reporting.

Note. In some instances this may be still detected. The file is ok and will need to be added to exclusions if still detected.

Correct. Nothing to be concerned with.

Thanks. This should no longer be detected.

Well we recommend all devs exclude their working folder. Partial code and objects can trip up anomaly detection as its not common for a normal user to have those on their system. You can send me the mbamservice.log and i might be able to analyze it from there. Its located here: C:\ProgramData\Malwarebytes\MBAMService\logs If you would like you can zip up some of the files detected and private message me with them and i can look at what is going on.

Can you please attach the nortonsecurity.exe zipped here so i can fix this? Or can you also attach the mbamservice.log located here: C:\ProgramData\Malwarebytes\MBAMService\logs

You should be ok to reply now.

I am bringing this to attention to the mods. Can you maybe pm me the response if you want?

The anomaly detection system is a self learning system. When it runs across a file it doesnt know if tests it and if it turns out not to be malware then it whitelists it. So FPS are less then in this instance and not a detection missed issue. The system has learned a lot in the past year along with other improvements code wise. If you still have files that are fps please attach them here and we can analyze them and expedite the whitelisting as sometimes the system can take up to 24 hours to adjust. So fps have gotten less over the past year is what you are running into thus less fp detections. Detection of malware has greatly improved. We recommend always excluding your working directory. The reason being is non code ready files can look anomalous to the engine as they are not a complete file and would never been seen in the wild otherwise. What version are you talking about for custom scans? 3 or mbam 4 beta?

If its just a bmp resource and no other code then it will definitely trip as that is an anomalous file. Malware often uses the bmp resource trick to hide code and dump it from the resource. I recommend excluding your working directory till the file is code complete then see if we detect. I have forwarded your information onto the people in charge of this.

So quick question for clarifcation with the devs. Is all you are doing is adding a bmp resource with no other code or does other code exist also in the file?

Can you zip and attach this file? or provide the md5 of it? Its not in the logs you attached. C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

ok transferring this to exploit protection