thisisu

Done

Thanks. Confirmed it was a false positive and it should now be fixed. Might need to wait up to 10 minutes to see the effects on your end.

Thanks for the log. I understand your concerns. Can you try sending it to me via private message?

Hi, In order to fix false positives we need some information. Please read:

Hi, This is detected by our MachineLearning/heauristic engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore

Moving this to appropriate sub-forum (Website Blocking)

1. Software that is considered risky. 2. I need more information to answer that. Please attach your MBAM log showing the detection. Also zip and attach the Azureus.exe file for analysis in order to confirm whether it is a false positive or not. Please read:

Hi alicias, In order for me to fix this, I need some more information. For example, the log file from MBAM showing the detection. See below for more details:

Confirmed it is FP (BCEA894F9A9ABCCF87168BD61804A2F1). Will be fixed in next update. Sorry for the inconvenience, Oliver. Regards

Taking a look now

Hello. I've whitelisted these latest two in the meantime: ed3511231089c327db4858504e75d261 ac50d662b8473ad4db91009642601fce Sorry for the inconvenience. @steve1717 Were you able to find the MBAMService.log file at C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMService.log? If you, can you please attach that one? I don't see it in your previous post.

Hi Lester, Sorry for the inconvenience with this. The below file is now whitelisted 03/30/18 " 15:00:13.059" 28454515 3120 31e8 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "ArwControllerImplHelper.cpp" 1102 "Received threat detection callback from ARW SDK, ObjectPath=C:\cygwin64\bin\rsync.exe, Sha256Hash=13b9f6fdcbdbfeb1d5e9ea85ffc68fefa7d72cabcde65059699440bd6a74b102" Let us know if you continue to experience an issue with this file being detected. Regards

Is being fixed now. Sorry for the inconvenience

Hi, Thanks for reporting. Yes, it looks like a false positive. However, this is a generic rule that has been in the database for over a year. So I'm thinking something with Zygor guide's was updated and therefore it is now detected by us. We'll see what we can do on our end to avoid further wrongful detection. In the meantime, I recommend adding these detections to your exclusions list. Here's how: https://support.malwarebytes.com/docs/DOC-1130

Thanks Chris, It should no longer be detected