DavidLamm

  1. Malwarebytes falsely blocks our software called CloudPATIO at one of our customer's locations. They are Kirby Medical Center. This is used to display sleep study raw data. Our software is invoked via the web browser. It launches a batch script called run.bat which will retrieve a study file and pass it to another application called zzzPATViewer. Agent version 1.2.0.1054. Windows 10 Enterprise Version 22H2, OS Build 19045.3086. These are the files that were reported as being blocked. They have been added to the exclusion list but are still getting blocked. CMD and batch scripts are not blocked by Windows. The Run.bat can be executed manually. Aaron Slabe is the IT agent from Kirby Medical Center, where this problem is occurring, and can provide more details.
  2. The customer is claiming this is already turned off. Is there another way for them to whitelist our application or exclude this directory?
  3. -Log Details-
     Protection Event Date: 3/24/22
     Protection Event Time: 8:27 PM
     Log File: 4c98ec8a-abd2-11ec-a6c7-1c697a1bc89c.json

     -Software Information-
     Version: 4.5.4.168
     Components Version: 1.0.1599
     Update Package Version: 1.0.52808
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19043.1586)
     CPU: x64
     File System: NTFS
     User: System

     -Exploit Details-
     File: 0
     (No malicious items detected)

     Exploit: 1
     Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat, Blocked, 0, 392684, 0.0.0, ,

     -Exploit Data-
     Affected Application: cmd
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat
     URL:

     (end)
  4. I don't have logs. We are the developers of this software and it was reported to our Customer support desk. Is that required? It might take a while to acquire these logs. The end user will need to contact their own IT department who will likely have to contact their security team....
  5. A component of our software is being flagged as a malware exploit. It was reported to us by a customer at Metrowest Medical Center. File name: zzzPATViewer.exe. Install path: %localappdata%\CloudPATio\DeviceHandlers\zzzPATViewer. This is a component of CPIO, our helper application that allows people to view/edit raw sleep study data. https://www.virustotal.com/gui/file/81d7a15189e4c9f5db5296bef86375adf54ed138d9c5ee2ebc492ff67f69f067?nocache=1 https://www.virustotal.com/gui/file/917473825b71e682642738db1696458277ec4294d550b0e1ceff5889fd2e58e3 What other info do you require to remove this false positive? Best, David Lamm