Posts posted by DCB1951
-
-
I have VIPRE Advanced Security installed in parallel with Malwarebytes (they coexist quite well). The installation file I've attached has passed Malwarebytes scans every night for months until last night, which makes me think this is a false positive. Is that true?
-
AutoHotKeyA32.exe has passed many scans on my system by MB 4.6.x, but this morning, I woke up to find that the AI-powered detection feature of MB had quarantined it. Because the file has been on my system for more than 3 months without incident, I suspect a false positive.
Please let me know. TIA.
Doug Borg
-
That looks like it did the trick. Thank you very much!
-
Is the attached what you are looking for?
-
"Block penetration testing attacks" toggle was OFF, just like the graphic that you provided. I left it unchanged. It did not solve the problem.
In "Advanced Exploit Protection settings", I restored defaults, hit Apply, and restarted Outlook with RTP on. It did not solve the problem. What do we do next?
-
I've been using Kutools for Outlook for many years without incident or reaction from MB. I just upgraded from K4O v16 to v17 and now RTP won't allow MS Outlook 365 to be loaded. I've had to turn off RTP in order to run Outlook with K4O. I suspect a false positive, but in any case I can't override the detection.
What's my next step?
-
Thank you both. The expert system algorithms was in fact turned on. It has been turned off, and downloading and installing AHK v2.0.5 was successful.
Your prompt assistance is very much appreciated.
-
AutoHotKey 2.0.x files have not been flagged previously. I downloaded v2.0.5 from the developer's website (https://www.autohotkey.com/) as I normally do. MB quarantined the file when I opened it. Is it really infected? That seems unlikely.
MB logfile attached.
-
Thank you for your prompt update. MB now reports that the file is clean.
-
P.S. VirusTotal ruled it clean ...
-
Overnight, MB Premium 4.3.0 flagged the attached file (C:\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOMCACHECLEANUP.EXE) as infected, yet it has been on my computer for months and has never been flagged before. A scheduled scan claims it has been infected with Malware.AI.1037813374. A copy of the file is attached as well as the scan report.
Would you please check it for false positive? Thanks in advance.
-
7 hours ago, cli said:
OK, perfect. :) I was going to suggest that and let you know that for developers, we advise them to add folders they use for development into their allow list. To read more about it, you can visit MachineLearning/Anomalous Detections and Explanation. Thanks for reporting.
I had a similar error report (Malware.Heuristic.1003) - 2nd one in 2 days after months of clean scans - an hour ago. The file is C:\Windows\Installer\158a00c.msi (no idea what it does), and it was created on 2020-Jan-20. I disabled "Use expert system algorithms to identify malicious files" as you recommended above, re-tested the file, and it came up clean.
-
7 minutes ago, TwinHeadedEagle said:
Hi,
I couldn't reproduce this detection but it was definitely a false positive. Can you try to rescan?
I just did, and it came up clean this time.
Just so you don't think I was confused, here is last night's report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/26/21
Scan Time: 2:00 AM
Log File: a59735a0-a654-11eb-81e9-84fdd1b81d3d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39803
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 413974
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 16 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\FF\FF.EXE, No Action By User, 1000001, 0, 1.0.39803, 0000000000000000000003EB, dds, 01218449, 33667CD13C46D3D4DA195437C0E00C1C, 22644605AFC67FA8201541508AD3E8E5A26F7E3296E4CFB356E3DF9A2D62777C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Here is the scan just taken at your direction:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/26/21
Scan Time: 8:44 AM
Log File: 30680032-a68d-11eb-be65-84fdd1b81d3d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39813
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: LAPTOP-EEKPTLRJ\dborg

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 14 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

I guess the automated definition updates took care of it.
Thank you very much for your very prompt response!
-
The executable in this ZIP file (ff.exe) has been installed on my system for many years. I believe that last night's scheduled scan mistakenly reported this file as infected with "Malware.Heuristic.1003". Therefore, I suspect a false positive report.
Please advise. Thanks in advance.
Vipre Advanced Security.msi - passed MB scans until last night
in File Detections
Thank you very much.