I was getting RTP detections a couple of days ago while scrolling through YouTube. Are they false positives?
Example 1:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 9/30/23
Protection Event Time: 5:09 PM
Log File: 6c477016-5fa3-11ee-90a5-088fc32d2a3c.json
-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75821
License: Trial
-System Information-
OS: Windows 11 (Build 22621.2283)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Exploit.PayloadProcessBlock, C:\Windows\System32\Wbem\WMIC.exe wmic bios get serialnumber, Blocked, 701, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\System32\Wbem\WMIC.exe wmic bios get serialnumber
URL:
(end)
Example 2:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 9/24/23
Protection Event Time: 1:39 PM
Log File: 0d042cb2-5acf-11ee-b605-088fc32d2a3c.json
-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2151
Update Package Version: 1.0.75617
License: Trial
-System Information-
OS: Windows 11 (Build 22621.2283)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c ver, Blocked, 701, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c ver
URL:
(end)
I have disabled the Penetration Testing option after the last detection, and so far I am not getting those types of detections anymore. But I am not sure it stopped because of that.