blender

Hello, Thanks for the file. The detection will stay. https://www.virustotal.com/#/file/f0dde1265146a282f1011e2ec5fc71cd095cd4b4aa475ef0be23404cfad6029b/detection

Hello, Can you zip & attach this file please? Generic.Malware/Suspicious, G:\DOWNLOADS\LIGHT_IMAGE_RESIZER4_SETUP.EXE, No Action By User, [0], [392686],1.0.7217 The rest - I looked through the log & most are OpenCandy & Bundle Installers. These contain the OpenCandy module which typically when you run the installer has other offers within the app that you would have to uncheck in order to avoid the extra installs. We detect IEPV because some people may not want to have their IE passwords revealed. If used by you to recover a password you forgot on some site you go to, then it is Ok to have, but if someone else was to launch this on your machine without you knowing, you would want it nabbed before they got your passwords. PUP.Optional isn't necessarily "dangerous" - it just means it is Potentially unwanted. If you're familiar with how all these programs work, then you can exclude them.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hello, We'll have the PUP team check this & update this thread as soon as possible.

Hello, Thank you for reporting this once again. Next update it will be fixed again.

Good to hear. Thank you for confirming.

Hello, This has been fixed already. Please make sure your definitions are up to date. If you are still getting blocks on this address, please shut down & restart MBAM (or reboot)

Yep - I see that now & just tested myself by adding another line in my hosts file that is in our db (but is not normally in the hosts file (and should not be) ) You can leave the hosts file out of exclusions & just cancel or ignore each time. You can be pretty sure every time you scan & only that entry comes up that is the one you want to keep. If for some reason you get infected, you can uncheck that one entry pointing to hosts & let MBAM clean up the rest.

Next time MBAM detects that line, you *should* be able to tell MBAM to ignore always and it should no longer detect it. Can you confirm? If that works as expected, then you shouldn't need to exclude the entire HOSTS file and if something malicious modifies it, the bad modifications will still be detected.

Thank you for reporting.

Hello, This has been fixed. Please ensure you have the following databases (depending on which version of MBAM you use) MBAM1x/2x v2018.08.15.08 was published at 8/15/2018 3:20:59 PM (UTC) MB3 1.0.6361 was published at 8/15/2018 3:37:23 PM (UTC)

Hello, This has been fixed again. As the previous version fix, please give it about 10 minutes for your MBAM to see the update.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. It's also always a good idea to digitally sign the files. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: 1. Totally exit/shutdown Malwarebytes. 2. Go to here in explorer: 3. C:\ProgramData\Malwarebytes\MBAMService 4. delete the following file only: hubblecache. it doesn't have a file extension 5. Then you can restart MBAM and the cache file will rebuild on the next scan. Can you zip up a few more of the other files that are being hit as well please? Sometimes it takes a few files for the engine to "learn" to not detect. Thank you,

Hello, It could have been a number of factors why some machines did not recognise your exclusion. If you are using the Business version, possibly some of the deployed agents had temporary communication issues with your server & didn't get the update you applied. If you continue to have troubles with your endpoints getting updated settings you apply, I would contact support to help t-shoot.