TheVogon
Posts posted by TheVogon
-
False positive as "Generic.Malware/Suspicious". Source code is on Github. Thanks.
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/13/23
Protection Event Time: 8:31 PM
Log File: 8d98dec0-99f6-11ee-8811-18cc1899a137.json
-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2201
Update Package Version: 1.0.78358
License: Premium
-System Information-
OS: Windows 11 (Build 26010.1010)
CPU: x64
File System: NTFS
User: System
-Blocked Malware Details-
File: 1
Generic.Malware/Suspicious, C:\SamFwTool\SamFwTool.exe, Quarantined, 0, 392686, 1.0.78358, , shuriken, , 9C90B1112821C828582F8771F67A0634, C1AE13C4F8579FEB3CDD3EC33C30CF79EBCCEC03371EDD3EEE4C8F72F2275E52
(end)
-
-
False Positive. Should be Hack Tool. Thanks.
-
I believe the attached is a false positive. Thanks.
-
(99% of users installing such things are not interested in an alert telling them what they already know it is.)
-
OK, feature request then for the future. It would really make sense to be able to exclude some detections by category.
-
Thanks, can I exclude that detection as a category?
-
19 hours ago, exile360 said:
Greetings,
Thanks for reporting this issue. I'm not sure if performance can be improved, but hopefully it can. I will report your experience to the Product team for analysis.
In the meantime, it may be helpful to get some additional info about your system and settings to help the QA testers and Developers in replicating the issue. To do so, please do the following:
- Download and run the Malwarebytes Support Tool
- Accept the EULA and click Advanced tab on the left (not Start Repair)
- Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
Thanks
-
Guys,
I installed the MWB browser extension on the current Windows 10 release and the launch start-up time of Edge goes from circa 2 seconds to about 12 seconds. Disabling the extension in the browser settings restores normal performance.
-
Thanks. A more specific categorisation would have been fine, but removing the detection is ideal.
-
1 hour ago, Porthos said:
Please be patient, a researcher will be assisting you. The VT link was for staff use.
OK, suggest that references to your views on use are best avoided then. Risk comments were fine.
Yes, no rush for this. I have a MWB email box address for samples that are urgent.
This is so far for personal use, although I'm open to considering it for corporate, as zero day detection speed is only beaten (sometimes!) by Kaspersky so far in my experience.
-
Most of which are generic / keygen alerts. On testing it doesn't download anything or open any external connections as far as I or my router can see, and the PC scans clean afterwards.
And I don't care what your moral view of what the software happens to be, that's utterly none of your business.
Maybe someone who actually has a knowledgeable view on if this is malware, rather than looking at a website well known to often be incorrect, can comment on what it actually does that is undesirable, if so.
-
4 minutes ago, miekiemoes said:
We try our best as we can to respond to false positives and false negatives as fast as possible.
As for fixing a false positive, this depends. In most of the cases, it's quite obvious already it's a false positive and not malware, so verifying goes quite fast.
As for updating/fixing this, this all depends on which of our engines detected this, as we have a few of our own engines. In this case, it was detected by our machine learning engine, so fixing a false positive should take no longer than 10 minutes. Regular detection rules (non machine learning) might take a little bit longer, but no longer than an hour.
Hope this answers your questions.
That response is enough to persuade me to buy a license. Will purchase on my registered email here.
I'm not clear on the real question though. From when you find a binary is malware in your lab, allowing for normal testing / deployment / batching of other updates, how long until it's available to users? Just want to understand your test / release cycle please.
(The only real competition for Malwarebytes in terms of zero day detection in my experience, at least that is available to consumers, is Kaspersky.) 🙂
-
(I am someone who bothers to report zero day malware to at least 3 virus products when I frequently come across it; you are not on my list as I have not tried. Being able to simply email it to an address as per Kaspersky is ideal.)
-
Oh, and amazingly fast response by the way, and impressed a director is on the front line. Think I will buy a license if I get that level of response to reported malware? Microsoft, Symantec, and many various others I have used as head of infrastructure @ financials take at least a day.
What is your testing cycle time for updates? i.e. if I report something, you test it, agree it's malware, how long until the updated detection hash / AI update is out of the door?
-
Thanks.
Yes, I understand why unsigned binaries that protect against runtime decompilation would be detected. Not a problem. Rather it warned me and let me decide than didn't.
-
Believe this is a false positive. Can't see that this does anything undesirable on monitoring it via system internal tools. Was 22 generic detections on VirusTotal and dropping (20 as of last rescan).
False Positive - not malware.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/23/2024
Scan Time: 1:36 AM
Log File: f5597b32-d1eb-11ee-a885-f02f74ca1251.json
-Software Information-
Version: 5.0.17.99
Components Version: 1.0.1169
Update Package Version: 1.0.81313
License: Premium
-System Information-
OS: Windows 11 (Build 22631.3227)
CPU: x64
File System: NTFS
User: *********
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 6 sec
-Scan Options-
Memory: Disabled
Startup: Disabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Generic.Malware/Suspicious, C:\USERS\******\DOWNLOADS\VRPE-INSTALLER.EXE, No Action By User, 0, 392686, 1.0.81313, , shuriken, , AD3E1C33C747B835CF7F0F09A4653177, B5EC6A444321EC4D46C8EC1430F6886FD3DC1AAEB61E06E6E8F8EF616CB51999
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)