DCB1951

AutoHotKeyA32.exe has passed many scans on my system by MB 4.6.x, but this morning, I woke up to find that the AI-powered detection feature of MB had quarantined it. Because the file has been on my system for more than 3 months without incident, I suspect a false positive. Please let me know. TIA. Doug Borg AutoHotkeyA32.zip

That looks like it did the trick. Thank you very much!

Is the attached what you are looking for? Kutools for Outlook v17p0.txt

"Block penetration testing attacks" toggle was OFF, just like the graphic that you provided. I left it unchanged. It did not solve the problem. In "Advanced Exploit Protection settings", I restored defaults, hit Apply, and restarted Outlook with RTP on. It did not solve the problem. What do we do next?

I've been using Kutools for Outlook for many years without incident or reaction from MB. I just upgraded from K4O v16 to v17 and now RTP won't allow MS Outlook 365 to be loaded. I've had to turn off RTP in order to run Outlook with K4O. I suspect a false positive, but in any case I can't override the detection. What's my next step?

Thank you both. The expert system algorithms was in fact turned on. It has been turned off, and downloading and installing AHK v2.0.5 was successful. Your prompt assistance is very much appreciated.

AutoHotKey 2.0.x files have not been flagged previously. I downloaded v2.0.5 from the developer's website (https://www.autohotkey.com/) as I normally do. MB quarantined the file when I opened it. Is it really infected? That seems unlikely. MB logfile attached. MB logfile - AutoHotKey v2.0.5.txt

Thank you for your prompt update. MB now reports that the file is clean.

P.S. VirusTotal ruled it clean ...

Overnight, MB Premium 4.3.0 flagged the attached file (C:\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOMCACHECLEANUP.EXE) as infected, yet it has been on my computer for months and has never been flagged before. A scheduled scan claims it has been infected with Malware.AI.1037813374. A copy of the file is attached as well as the scan report. Would you please check it for false positive? Thanks in advance. TomTomCacheCleanup.txt TomTomCacheCleanup.zip

I had a similar error report (Malware.Heuristic.1003) - 2nd one in 2 days after months of clean scans - an hour ago. The file is C:\Windows\Installer\158a00c.msi (no idea what it does), and it was created on 2020-Jan-20. I disabled "Use expert system algorithms to identify malicious files" as you recommended above, re-tested the file, and it came up clean.

I just did, and it came up clean this time. Just so you don't think I was confused, here iss last night's report: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/26/21 Scan Time: 2:00 AM Log File: a59735a0-a654-11eb-81e9-84fdd1b81d3d.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1273 Update Package Version: 1.0.39803 License: Premium -System Information- OS: Windows 10 (Build 19042.928) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 413974 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 16 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Warn -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\FF\FF.EXE, No Action By User, 1000001, 0, 1.0.39803, 0000000000000000000003EB, dds, 01218449, 33667CD13C46D3D4DA195437C0E00C1C, 22644605AFC67FA8201541508AD3E8E5A26F7E3296E4CFB356E3DF9A2D62777C Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Here is the scan just taken at your direction: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/26/21 Scan Time: 8:44 AM Log File: 30680032-a68d-11eb-be65-84fdd1b81d3d.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1273 Update Package Version: 1.0.39813 License: Premium -System Information- OS: Windows 10 (Build 19042.928) CPU: x64 File System: NTFS User: LAPTOP-EEKPTLRJ\dborg -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 0 min, 14 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) I guess the automated definition updates took care of it. Thank you very much for your very prompt response!

The executable in this ZIP file (ff.exe) has been installed on my system for many years. I believe that last night's scheduled scan mistakenly reported this file as infected with "Malware.Heuristic.1003". Therefore, I suspect a false positive report. Please advise. Thanks in advance. ff_20120803.zip