steve1717

I had this happen to me also and would never have known except I use an updater tool PatchMyPc that flagged it for me today. Nothing flagged by Malwarebytes. Malwarebytes was back on version 3 and claimed no updates available. The point is that you may have a large number of your users in this situation. I suggest you push out an update for anyone on version 3.00 that updates them to the current version. Simply waiting for users one at a time to notice and do a manual update is poor for a security company. People trust you and you should be proactive. You automatically broke things. You should automatically fix it.

I have been using Malwarebytes 3 premium and Kaspersky Internet Security both 2019 (paid) and 2020 (paid) together with no problems until November 1, 2019. Turned on computer on November 1, 2019 and something happened and spent many days since trying to find the problem. Did a full image restore back to October 27 2019 and problems kept happening so something kept updating. Main issues 1) Steam crashes / freezes and will not download 2) Chrome opens but if closed will not reopen. Bootstrapper.exe seems to be the main file crashing and blocking a system shut down. Also unable to download from a non steam website Paradox Games. Speed test says everything fine and can down load from other sites. Today I was able to download from steam in safe mode ( Windows 10 pro 64 bit ). Next uninstalled Kaspersky and used windows defender. Was able to download from Paradox site that was not working. Next installed Bit Defender - no real change I think. Next turned off Malwarebytes 3 premium and then steam would work and download. Tried turning off each protection one at a time with Malwarebytes with no effect. Had to be all off and Malwarebytes closed. Conclusion There seems to be something wrong with both Kaspersky and Malwarebytes that changed recently ( November 1 ? ) that is causing major problems with chrome, steam, and downloads from some sites. Note I had exclusions in both Kaspersky and Malwarebytes for each other and for steam. I hope any problems in Malwarebytes can be fixed because I really like it. For now both Kaspersky and Malwarebytes are off and I am using trial of Bit Defender. Have not tried Malwarebytes 4 and I did not know about it unless it auto updated from 3 to 4 without me knowing.

I just ran another test today with a custom scan and a full threat scan including a new 1.25.3 version of validator with no false positives. Thank you very much for all your help. Note I did this before I saw your post above about deleting the cache.

I just tested again after doing another database update. We are making progress. The good news is: 1) both the zipped and unzipped versions of the latest version of the validator.exe are not detected as malware. 2) Almost all of the previous versions in their zipped state are not detected as malware. I have not tested unzipped for the previous versions because I assume the detection would be the same? The bad news is that one recent previous version in its downloaded zipped format is still detected. This version is attached. I notice about this detection is it is marked MachineLearning/Anomalous.96% ( note the 96 rather than the normal 94 ). Is 96 somehow different than 94% ? -Log Details- Scan Date: 4/2/18 Scan Time: 2:37 PM Log File: 3d471b2e-36ad-11e8-9ab2-001fbc09701f.json Administrator: Yes -Software Information- Version: 3.4.4.2398 Components Version: 1.0.322 Update Package Version: 1.0.4588 License: Premium -System Information- OS: Windows 10 (Build 16299.334) CPU: x64 File System: NTFS User: Steven-PC\Steven -Scan Summary- Scan Type: Custom Scan Result: Completed Objects Scanned: 178253 Threats Detected: 1 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 0 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 MachineLearning/Anomalous.96%, I:\PARADOX\DATA\EU4\VALIDATOR\AUDAX.VALIDATOR V1.21.5.ZIP, No Action By User, [0], [392687],1.0.4588 Physical Sector: 0 (No malicious items detected) (end) Audax.Validator v1.25.1.zip mbae-default.log MBAMSERVICE.LOG

I received an email telling me this has been solved. It has not. Please do not close this thread. I just updated and ran a custom scan today and it is still detecting the false positives. Was there something else that was supposed to be updated for the larger white list to work? Or did the update not get pushed through? Components Version: 1.0.322 Update Package Version: 1.0.4578 License: Premium -System Information- OS: Windows 10 (Build 16299.334) CPU: x64 File System: NTFS User: Steven-PC\Steven -Scan Summary- Scan Type: Custom Scan Result: Completed Objects Scanned: 178562 Threats Detected: 4 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 0 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 4 MachineLearning/Anomalous.96%, I:\PARADOX\DATA\EU4\VALIDATOR\AUDAX.VALIDATOR\APP\AUDAX.VALIDATOR.EXE, No Action By User, [0], [392687],1.0.4578 MachineLearning/Anomalous.96%, I:\PARADOX\DATA\EU4\VALIDATOR\AUDAX.VALIDATOR V1.21.5.ZIP, No Action By User, [0], [392687],1.0.4578 MachineLearning/Anomalous.96%, C:\USERS\STEVEN\APPDATA\ROAMING\Microsoft\Windows\Recent\Audax.Validator v1.25.2.zip.lnk, No Action By User, [0], [392687],1.0.4578 MachineLearning/Anomalous.96%, I:\PARADOX\DATA\EU4\VALIDATOR\AUDAX.VALIDATOR V1.25.2.ZIP, No Action By User, [0], [392687],1.0.4578 Physical Sector: 0 (No malicious items detected) (end)

Log as requested I will try to test again maybe on Monday I greatly appreciate the help and responses MBAMSERVICE.LOG

thanks for the response. Items are still showing up and I am concerned that even if we get them all on a case by case basis the next version will just be flagged again. How can we get a generic fix? The author updates the program all the time. Note I ran an update just before the custom scan. At this point I have tried to spread the word for people to make an exclusion in malwarebytes but this program is widely used by people modding multiple games on multiple forums and I am only telling people in my forum. Would be nice to get a generic fix. Edit: Also my last post seems to have disappeared where I uploaded the most recent versions released in the last couple days. Attached.malwarelog.txtmalwarelog.txtmalwarelog.txt log attached malwarelog.txt Audax.Validator v1.25.1.zip Audax.Validator v1.25.2.zip

I just removed the exclusion and ran a custom scan. The current version of the program is now ok but all the copies of the previous versions are still marked as having that same false positive error. And users may be still using these old versions. I will try to attach them. Can we get them all marked clean? There was never any problems with them and malwarebytes in the past. Audax.Validator v1.20.0.zip Audax.Validator v1.21.0.zip Audax.Validator v1.21.3.zip Audax.Validator v1.21.5.zip Audax.Validator v1.22.0.zip Audax.Validator v1.22.9.zip Audax.Validator v1.23.0.zip Audax.Validator v1.23.1 preview.zip

A long time trusted program, validator.exe, which has never had any problems with malwarebytes over the past years was suddenly flagged as MachineLearning/Anomalous.94% on March 22, 2018 by Malwarebytes premium version 3.4.4. Please stop this false detection. The program is used by users of Paradox games like Europa Universalis 4 for modders the check the syntax of their game mods. The quarantine report was: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/22/18 Protection Event Time: 5:20 PM Log File: 2ea79652-2e1f-11e8-928d-001fbc09701f.json Administrator: Yes -Software Information- Version: 3.4.4.2398 Components Version: 1.0.322 Update Package Version: 1.0.4452 License: Premium -System Information- OS: Windows 10 (Build 16299.309) CPU: x64 File System: NTFS User: System -Blocked Malware Details- File: 1 MachineLearning/Anomalous.94%, I:\Paradox\Data\EU Validator.rar

thank you for your help

Thank you. I understand and I found the setting. Question about custom shields in general for my future use - looking at the advanced settings it seems if I wanted I could simply start with any new shield being in the browser profile for max protection and if no problems then just leave it there?

I have a 100% legal copy of photoshop cs2 that I purchased directly from adobe years ago and has been updated the the last version released by adobe 9.02. The program works perfectly on my win7 64 system and I can not afford to pay adobe's huge prices for a new version. Kaspersky reports that there are known vulnerabilities for CS2 as follows: ACE - An untrusted path was found in Adobe Photoshop. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited on the network via a DLL hijack. I have set Kaspersky to mark the program high restricted and I also followed the insturctions for Anti Exploit (I have the premium version) to create a new shield and I used "other" for the profile type. My question is - considering the application vulnerability mentioned above should I have used a different profile type? or is "other" correct? Thank you

Thank you. I had wondered if a beta 105.3 was more current than a 105.1 final but apparently a 105.1 final is more current.

10531012 beta has been working perfect for me. I noticed that 1051106 was released after the 10531012 beta so is 1051106 more current or should I keep using 10531012? Thank you

I previously purchased and installed the premium version of anti exploit 1.04.1.1.02 but I would like to try the new experimental build 1.05.1.1004. I see lots of download links on google for this from sites I do not trust. Where is a link on this forum to download? I have not received any popups etc from my existing install for a upgrade and the product has been installed for many weeks. thank you