stefanc

Well, I have added the program to the Exclusions - along with every related executable I can find, AND any folder the programs are running from - and I'm still getting the alert. If I keep going down that road I might as well just uninstall MWB! But in researching my question, I came across dozens of people asking about exactly that - why, if I've allowed the program am I still getting alerts? Is there an easy answer for that? It seems - from the many times it's asked - that it doesn't get resolved. But, really, no way to bulk add? How about a config or .ini file somewhere, or using RegEdit? This seems like such a reasonable feature to add to MWB I'm surprised there isn't even a work-around... Thanks, S. PS: thanks for the timely response!

I have a known-safe program that is consistently talking to a pool of about 200 different IP addresses, and MB will complain from time to time about any one of them. Rather than enter each address separately, can I simply list them in bulk, separated with something like a comma or space? Either that or loaded into file somewhere? I didn't see this particular question in my search, but I doubt I'm the only one who's asked this... I've also tried to add the application (and any related executable I can find, AND the folder it lives in) as an exclusion - but I'm still getting alerts. MB must separate the application from the target website, and treat them independently as possible threats...? Thanks!

Incidentally, is there a way to back out of the false positive? I have "alert user" set wherever possible, and I got a pop-up saying keybase was going to be blocked - but it went by too fast and now Keybase won't run unless I disable Exploit protection in Malwarebytes. How to I reset it (so I get the pop-up again), or find out where I need to make an exclusion? For this false positive in particular, it looks like cscript.exe is really what was flagged. Can this be white-listed? Or does that bypass the purpose of programs like MWB? Thanks ------------------------------------------------------------------------------------------------------------------------------------------ Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/10/17 Protection Event Time: 10:35 PM Log File: 14377dfe-96b3-11e7-aba4-00256490a632.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2771 License: Premium -System Information- OS: Windows 10 (Build 14393.1593) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: keybase Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\WINDOWS\system32\cscript.exe cscript.exe URL: (end)