Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Malwarebytes recently reported a false positive for ransomware on the Bookmark library management system for schools, used by over 2,000 schools in Australia. It even did this on my home PC. The false positive is for all exe files. I am the system developer. I wrote and compiled these myself. They have been recompiled just this morning. The false positive is likely related to PureLocker, which uses the same cross-platform programming language, PureBasic. These false positives were a huge problem last year when the ransomware appeared but have mostly been whitelisted by anti-virus companies. I just submitted a zip file containing the 32-bit exe's to Virus total. https://www.virustotal.com/gui/file/7a08003103600c6b3493225cf15238371c4f9176674764f64efe3d7a81ff2d97/detection 16 out of 64, a clear false positive result. I have also recompiled the main exe's as 64-bit programs. https://www.virustotal.com/gui/file/8f0270cf9e8afdbbd2e48e27a91b223c187797fa8416c5cf958fe09f3ed0d1b8/detection 3 out of 65 this time. Can these files please be whitelisted? Bookmark.zip
  2. Hello, Following complaints that we receive from our customers, we would like to report a false positive on our download link (cdn.filehorsevpn.com). Please find attached screenshots of the block and the log. Kindly review it and remove the false detection. Thank you MB logs fhvpn (1).txt
  3. Malwarebytes detected hmpalert.exe as malware listed as trojan.dridex. Service has been running on servers, and desktops for months as part of Sophos Intercept X Advanced. Verified detected file has same version, hash, signature. Saw older tickets where same service triggered false positives in 2016. Support said it was resolved but does not appear to be.
  4. False positive, has been checked manually with Microsoft as well, no malicious code in program. Please check it. HackTrapLogCollector.7z
  5. This website was made by YouTuber Enderman who actually tests malware, lmao I know for a FACT that this website isn't dangerous since it's from a YouTuber that I watch and nothing happens whenever I whitelist it.
  6. Dear Concerned, I'm writing to request you to remove the false positive of identifying ToTok as malware and add ToTok to the whitelist. ToTok is just a messaging and calling app which provides the stated services and does nothing malicious that would be regarded as malware. A thorough examination of ToTok on Virustotal has showed that ToTok is secure to use, for no virus has been detected by many anti-virus service providers. However, Malwarebytes has done the false detection before and removed it (screenshot attached), but the false detection happens again! This false positive result is seriously hurting our company and putting all our users’ trust at risk! We urge you to remove the false positive and add ToTok to the whitelist to cease the damage to us as soon as possible. If the case is not handled promptly, our legal team will do what we have to do to protect our lawful interests. As the false positive is reported by our user, we're unable to provide the log. We can provide a screenshot of false positive provided by our user and the APK file of our app for you to examine. Please find them in the attachment. Thank you. Best regards, Irene from Team ToTok apk file of ToTok.zip
  7. I am doing a one click install of a visual studio 2015 program and it is kicking me out. Help!!
  8. (I saw the instructions for Malwarebytes versions, 1, 2, and 3, but not 4.) Malwarebytes Premium Trial 4.1.0 free detected two files I thought were okay. In case they had become infected, I tried Virus Total on the files. There were detections (mod_ISA20_YLT.exe 4, fr08_final.zip 2), but they weren't detected by the Malwarebytes/Malwarebytes hpHosts engine. I tried Virus Total on the download URL of mod_ISA20_YLT.exe, but there were no detections. I downloaded mod_ISA20_YLT.exe from webpage https://www.scripture4all.org/download/download_ISA2.php (link URL https://www.scripture4all.org/download/dlf2.php?f=ISA20/mod_ISA20_YLT.exe) and did a comparison with fc--no differences. I ran the freshly downloaded file through Virus Total again and got similar/same results. I think the Malwarebytes detection on my PC was a false positive. (I also downloaded another file today because I clicked on the wrong link. It showed up in the 3:13PM (1513) scan report, MOD_ISA20_CLV.EXE, so it could be a false positive too.) I found https://files.scene.org/view/demos/groups/farb-rausch/fr08_final.zip with the link URL https://files.scene.org/get/demos/groups/farbrausch/fr08_final.zip . Again the file comparison of the new and old files returned no differences. I think the Malwarebytes Premium Trial 4.1.0 free detection was a false positive for this file too. VirusTotal on the URL to download this file had one detection, but again not by the Malwarebytes hpHosts engine. I put the date and time in the filenames. 202005180212-Malwarebytes-report.txt 202005191009-Malwarebytes-quickscanresults.txt 202005191513-Malwarebytes.txt 202005191011-Malwarebytes-manual-scan-results.txt
  9. The attached file is falsely identified as Malware.Generic.1403450558Malware MalwareBytes Log.txt WIP3.rar
  10. Dear Sir or Madam, I have noticed that Malwarebytes detects our software products (described bellow) as malware. As a software developer I can strongly and sincerely vouch that the files bellow don't contain any malware. I have worked on these products, and know with 100% certainty that they don't contain malware. Please either whitelist our products or tell us, in detail, why they are considered malware. We would gladly cooperate with you in order to fix this problem which is damaging to us and to our users (and, by extension, to your users, also). DriverMax installation kit from https://www.drivermax.com/soft/dmx/drivermax.exe DriverMax.exe - part of DriverMax mentioned above, false positive detection as PUP.Optional.DriverMax This is incorrect because: a. The user agreed to install DriverMax and it wasn’t deployed on the PC without his/hers knowledge b. You can deactivate it or stop using it at any time you like - and this is not something malware would allow anyone to do c. DriverMax is also listed in the Add / Remove Programs applet of the PC, allowing anyone to remove it from there as well d. The user is informed about the way DriverMax works An application should be considered "malware" only if it is installed on a user’s PC without their knowledge or with an improper description of it’s real actions. DriverMax has been available for a very long time. We have been the first to offer peer to peer driver updates, and massive development time and effort has went into it. Kind regards,Ane Mari Tache
  11. Dear Support, Our IP : we are using this IP very long time. There is No Trojans. Today we got mail from one of our customers says Malwarebytes identify this IP as Malicious Site. Please remove the IP from your IP Block List ASAP. Thanks for your Help. Patrick
  12. Just reporting a false positive block of https://www.harveynorman.com.au/ Thanks, Krusty
  13. Not sure if this is a false positive or not, it comes back with 9/68 from Virus Total, Malwarebytes identified it as Malware.Generic.4161686282. CLUBSANDISK.zip
  14. Our client with the domain algosolutions.com is currently being blocked/flagged by MalwareBytes. The previous site had malware before we took over the project and have completely rebuilt the site with a new platform on a new properly maintained server. Please remove it from your block list.
  15. Hi I work for a small developer and one of our executables is being identified by a Malwarebytes scan as containing a MachineLearning/Anomalous.95% infection. The executable is part of the installation routine for our software. Is there anyway to identify if this is a genuine infection of a false positive? Thanks Alan
  16. Hi, I am member of the team responsible for running https://www.peopleperhour.com and our users are telling us that our CloudFront domain ( dw3i9sxi97owk.cloudfront.net ) is being blocked by malwarebytes premium. This domain fronts a AWS S3 bucket where we upload "user generated content" such as profile avatar images and user portfolio items. Although we use a virus scanner, it is possible that a malicious user has uploaded malware to our CloudFront domain - we will be sure to remove anything suspicious immediately if you are aware of anything? It is in our interests this domain is clean and we certainly want to protect our users. The overwhelming majority of files will be safe so blocking the whole domain isn't necessary and makes our website ugly to malwarebytes users. we had a similar problem in the past. ref. https://forums.malwarebytes.com/topic/247879-dw3i9sxi97owkcloudfrontnet-is-a-false-positive As we were mentioned in the previous case we had, most of the files reported are only marked as malware by 1 engine, "Yandex Safebrowsing" and seem to be false positive any other file that is reported from more malware engines are already removed from our internal AV system. ref. https://www.virustotal.com/gui/domain/dw3i9sxi97owk.cloudfront.net/relations Please let me know if there is something more to do to become unblocked by your system. Regards, Stavros F.
  17. Hi support team! Hope you are doing well. I was hoping that you could remove the block on www.Baltimore.EcoMap.tech and www.EcoMap.tech. A possible client recently reported that they could not access our site due to the block (see screenshot) While I understand .tech is not a common top-level domain, we are definitely not using it for malicious purposes and it is preventing clients from accessing our site. Likewise, we create subdomains (like Baltimore.EcoMap.Tech) for all of our client sites. Will I have to submit a new False-Positive report for each subdomain, or will removing the block on the root domain do the trick? Please let me know if there are any supporting materials that I need to submit in order to have the block removed. Thank you!
  18. Please resolve False Positive Detection by desktop Malwarebytes. -Blocked Malware Details- File: 1 Adware.DLAssistant, C:\Program Files (x86)\CyberLink\Power2Go13\DiscManager.exe, Quarantined, 7519, 763135, 1.0.21148, , ame, File submitted to VirusTotal.com and they found zero hits. https://www.virustotal.com/gui/file/e9286bfd66cc38881ca615bcf89c1cd0aa7991f3542c7f41cb5ff8e3b8294b3e/detectionCyberLink Export of TXT file attached. Worked around by placing file in allow list. Malwarebyte blocked program.txt
  19. I had an old file saved from a game I wanted to create. It happens that I just installed Malwarebytes, analyzed my pendrive and detected that the .exe of the game is a threat. A virus/malware could be camouflaged there, or it's just a false positive. Since I have seen several that the same problem has happened to them. /Translator DeepL Virus Total: https://www.virustotal.com/gui/file/8b1c3bb3ed6f15e813a2a86eeea2823fcd56f9757e9dea31ddd9fc52e52cc171/detection
  20. Our site is fairly basic with a link for remote support that uses a product called remote utilities. I am assuming that the link to our remote support toll on remoteutilites.com is causing the false positive. Is there a way for us to get off the bad site list. It is causing us issues supporting our clients that either are using or want to use malwarebytes. Thanks for your help. Brad Miller
  21. Hi, The site from which Clover program can be download from http://en.ejie.me/download.html is being blocked. When trying to install this program downloaded via a different computer it gets deleted and a message is being displayed that the computer is safe now. Please investigate and confirm to whether this is a false positive or not. Symantec Endpoint protection does not classify this program as being harmful. Thanks! Negrelli
  22. I believe that "biosagentplus_616.exe IS A FALSE POSITIVE ... from the website https://biosagentplus.com/scan/download/netscape
  23. Hi, Malwarebytes has incorrectly blacklisted my work website hxxp://www.rosenberg-art.com. Can you please unblock as soon as possible, since I need to access my domain. There was a problem on the website last week, which was fixed some days ago. Screenshot attached. Thanks, Susan Rosenberg Malware Bytes Screenshot March 2020.docx
  24. Malwarebytes decided to flag my PDF writer as generic malware. How doi I get it to not flag it and not quarantine it? How should I continue to use the Cute PDF writer???
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.