Greybeard1

Posts posted by Greybeard1

  1. Thanks Porthos. Apologies for posting in the wrong section.

    I've done that and tested it (having put LibreOffice back on the Protected list) and it flags an exploit as before. I didn't see any control ticks change when I restored the defaults.

    However, I haven't explored that area of Settings previously, and I notice the 3rd tab is "Application behavior protection" and includes a control in the "MS Office" column for "Office Spawning Batch Command Prevention". I turned off that control and that does prevent an exploit being flagged.

    So it appears that control applies to other Office suites, not just MS Office. I assume it's a narrower exemption than taking protection off LibreOffice completely, which I think is better. Do you know if that's the way Malwarebytes is intended to work, or should it be possible to respond to the nature of the macro rather than react to it as a Spawning Batch Command? I can see from the log that cmd.exe was called so understand that it literally is a spawned batch command.

  2. Malwarebytes is flagging an exploit when attempting to run a macro in LibreOffice. Invoking the menu command Tools > Macro > Run Macro on a newly created blank text document or spreadsheet with only the built in macros will cause the application to close and the exploit to be flagged. This happens before selection of a macro to run.

    This occurs on two separate new installations of LibreOffice 7.3.4, downloaded from https://www.libreoffice.org/download/download/?type=win-x86_64&version=7.3.4&lang=en-GB. SHA256 string of the downloaded file matches the target. Macro protection settings in the application do not affect the outcome.

    Saving a blank file and adding it to the Allow List in Malwarebytes does not prevent the behavior.

    I attach a typical log and zipped .odt file - the issue may be in the application itself, which I have not attached but can be downloaded as above.

    I have turned off LibreOffice in the Protection Applications list but see that as a temporary workaround.

    Thanks.

    mwb libre.txt LibreOfficeblank.zip

  3. Malwarebytes has reported m32-471-rc.exe, a 2009 version of Mercury Mailserver, as MachineLearning/Anomalous.100.

    Mercury is well respected software and no malicious activity was detected when I used this version, so I think it's a false positive. Log and zipped detected file attached.

    Reporting as feedback to detection engine; the file is redundant so whitelisting is moot.

    m32-471-rc.zip fp_mercury_mailsvr.txt

  4. Hi,

    I reported a false positive in Tesseract-OCR in January, which was confirmed. I have recently had the same false positive, plus two more from Tesseract (I have not changed my installation). Since they were connected, I reported the recent events on the same thread, but maybe that was the wrong thing to do as there has been no response.

    The thread, with attachments for the new event, is here

    Thanks

  5. Hi,

    Malwarebytes routine scan has reported Malware.AI in dawg2wordlist.exe, one of the supporting files for the Tesseract OCR software. As a minor and little-used part of a long-standing and reputable program, my guess is that this is a false positive. Please could you check?

    I can attach the file or provide the source I downloaded from if required

    Thanks, Chris

     
