Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. You guys are blocking my website "due to phishing" but without any reason why. I just built a site under the subdomain to show a client and now I'm being flagged. Please remove it or direct me to a support phone number to talk with somebody. I'm posting here because I wasn't given an option to post under the "False Positive" subtopic in this forum. Thank you!
  2. dws.txt https://www.virustotal.com/gui/file/fadf20bfb0f0660342bafbb00cb1a71e7b03048f9127cf5597603adebc9cf179/detection
  3. In UK on-line banking (3 different banks), requesting a PDF download of a statement is seen by Browser Guard as a scam - I had to remove scam protection on the banks' web sites in order to download the statement. So this is not an urgent problem; it just goes against the grain to say scams are OK.
  4. Yesterday Windows Defender found a dodgy file in a local steam workshop folder which came up as a trojan. It deleted the file and I decided to delete all of my workshop folders and went through my subscribed items to remove any suspicious ones so it wouldn't redownload them. after that I did a full scan on both my new and old system drives with MB since the same workshop files had been on my old one as well. Both scans detected 0 threats which is good (I haven't tried a scan with WD yet). Today I went to open a site (spawnterror.com) and MB gave me a notification about a suspicious outbound connection and it thinks the website could be malicious, it categorises it as a trojan (just like the workshop file which is why I think they might be related). Could someone confirm for me whether this is a false positive or something I need to worry about because I cant find any information through googling it.Spawnterror.txt
  5. MB Premium 4.1.2 RTP has blocked a website that a longstanding addin uses for update checks and downloading any update. It has never blocked before but within the last week quarantined the update *.exe file separately. Being cautious I do not want to just allow this and put it on the exclude list. Domain is openid.worketc.com and IP is MB has not reported this detection before. The ip relates to Amazon AWS servers I believe. The logs are attached of both the automatic RTP detection and manual entry of the IP in Chrome. Both blocked. Norton is not reporting it as a malicious website but website check is not up to date. Software provider is clear that no other device or provider is reporting issues. Report log files attached Please review to identify if this is a false positive or not. FP Chrome IP Address RTP Trojan.txt FP Outlook RTP Trojan.txt
  6. The Minecraft launcher and shortcut files are classified as malware by malwarebytes. I am suspicious that this is a false positive as the file has not been updated, and has not been detected in the past. See logs below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/19/20 Scan Time: 9:30 PM Log File: 66bfd7f6-e20f-11ea-a916-6c2b5977f5e7.json -Software Information- Version: Components Version: 1.0.1003 Update Package Version: 1.0.28715 License: Premium -System Information- OS: Windows 10 (Build 18362.959) CPU: x64 File System: NTFS User: DESKTOP-DDCQ9ST\maxt8 -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 364934 Threats Detected: 3 Threats Quarantined: 0 Time Elapsed: 6 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 Malware.AI.4289595226, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Minecraft Launcher.lnk, No Action By User, 1000000, 0, , , , , A26E109E175AE246660A946EB03C179B, 603F2B35D6A97520727CAAD0EB390C7DE6A122A430F9B36B1A69010D117BEBCD Malware.AI.4289595226, C:\USERS\PUBLIC\Desktop\Minecraft Launcher.lnk, No Action By User, 1000000, 0, , , , , A26E109E175AE246660A946EB03C179B, 603F2B35D6A97520727CAAD0EB390C7DE6A122A430F9B36B1A69010D117BEBCD Malware.AI.4289595226, C:\PROGRAM FILES (X86)\MINECRAFT LAUNCHER\MINECRAFTLAUNCHER.EXE, No Action By User, 1000000, 0, 1.0.28715, 6FDC65347CCD00E2FFAE075A, dds, 00858853, 49DEDAE3837705AB9AE041B00914DBA5, D9CDCF6FAE6BD3DDC5C8A61B4453A75F5516B71E518EE3E410FA8DF591940E70 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  7. For some reason, this file is now being detected as Malware though it has never been before. Could you please take a look at the attached and validate for us that this is a false positive? Thanks Data..zip
  8. OpenSource Python_IDM_2020.6.27 Internet Download Manager (PyIDM.exe) has been flagged as ransomware! https://github.com/pyIDM/PyIDM
  9. I was playing on a minecraft server hosted by someone I know and trust when MBAM closed the game and said javaw.exe was a ransomware. clear false positive False positive.txt
  10. ShaSal

    Trojan blocked.

    Website being blocked https://ecgcorp.net/ We did 3 scan but did not find anything? https://www.virustotal.com/gui/url/fc6a2b7ab05ef991c731314993a5c1ec5ed28c1b17efd1cab9f998662e892ca3/detection https://transparencyreport.google.com/safe-browsing/search?url=ecgcorp.net&hl=en https://sitecheck.sucuri.net/results/https/www.ecgcorp.net
  11. Hello Malwarebytes team Sorry I'm not good at English My website is: https://daominhha.com/ My customer reported that they were blocked by Malwarebytes from accessing my site. I would like to confirm that my website is completely clean and has not read or deceived anyone. My passengers can testify to this. I successfully appealed on kaspersky, Phishtank, Avast, ... So this is definitely a misunderstanding I hope the Malwarebytes team reviews and brings my website back to normal as this is seriously affecting our reputation. Sincerely thank !
  12. Hello. It appears that malwarebytes browser guard detects turbolab.it (only when you visit its forum) due to "reputation" It is an italian site with a forum about computers (Windows 10 / Android /Linux), it doesn't host any file. I'm not the site owner, I'm just a member ( a voluntary moderator to be exact). Can you please check then delist it? Thank you in advance. Cheers see also https://sitecheck.sucuri.net/results/https/turbolab.it https://unmask.sucuri.net/security-report/?page=https%3A//turbolab.it/ https://www.urlvoid.com/scan/turbolab.it/
  13. A user reported this issue to us. These files in the log are identified as malware but are in fact harmless. The code is published for anyone to review on Github. I don't have the ability to generate log files myself. -Log Details-Protection Event Date: 7/30/20Protection Event Time: 1:33 PMLog File: 85a5e960-d258-11ea-89d1-00051bab1e7d.json-Software Information-Version: Version: 1.0.979Update Package Version: 1.0.27687License: Premium-System Information-OS: Windows 10 (Build 18362.959)CPU: x64File System: NTFSUser: System-Exploit Details-File: 0(No malicious items detected)Exploit: 1Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0-Exploit Data-Affected Application: Microsoft Office ExcelProtection Layer: Malicious Memory ProtectionProtection Technique: Exploit code executing from Heap memory blockedFile Name:URL: https://github.com/finboxi/finboxio/xlam/releases/download/v1.7.0/finbox.install.xlam(end)
  14. Hi My business website is blocked inacorrect. Website address www.rangtech.com. attached is the screenshot for your reference. It is being blocked by eero secure who are using Malwarebytes at back-end. Request you remove this as soon as possible.
  15. Hello, I am developing a website in MySQL, php, javascript ... so I am running a database on a local host. Malwarebytes suddenly detected the WampServer as malware. So, I uninstalled it. I tried to reinstall it from the local PC exe and tried to download it again from the wampserver website (https://www.wampserver.com/) and Malwarebytes always accuses malware. The wampserver had no updates. Is it a false positive? After 3 days, support did not respond. Report.txt
  16. Hello, Several of my websites were reported as being blocked by your software. The domains are as follows. https://www.n8solutions.host https://am.n8solutions.biz https://www.n8solutions.us https://www.n8solutions.net https://www.n8solutions.com I’m asking for you to please whitelist these domain names as soon as possible. I may lose a potential client because your software is blocking a legitimate website!
  17. Hi there, I work at Render (https://render.com), and we're a modern cloud provider. We provide our users with subdomains like my-site.onrender.com. We've recently had a few phishing sites hosted on Render that have all been shut down now, but Malwarebytes is still blocking all onrender.com subdomains. onrender.com is on the public suffix list maintained by Mozilla: https://publicsuffix.org/ This has caused a major outage for our platform and users who have customers using Malwarebytes. Please unblock onrender.com and render.com immediately. I"m happy to provide more details if needed.
  18. Hello, This website is being blocked and has no trojans/viruses/issues at all, can you please review: https://lapolicegear.com/ Thank you!
  19. Hello, One of our clients notified us of our executable cintooconnect.exe being wrongly flagged as a malware. He is using the version Malwarebytes Premium 4.1.0. This is particularly inconvenient as you can imagine. Could you please update your database and remove this false positive ? Best regards, Cintoo https://cintoo.com
  20. Please review and remove from your blacklist https://www.dropbox.com/s/jw5sbxk2uizbn50/107828716_10213058318971102_1053541541273182266_o.jpg?dl=0 http://transformationacademy.com
  21. The website htxxs://www.wallstreetreporter.com/ Leads to a trusted site that one of my clients needs access to for their investors. It is an urgent issue for them. Thank you
  22. Hi, I'm using 1Clipboard (http://1clipboard.io/) for many years now and not ever before it was stated as Malware. I did a full scan once a month and now the software says it's Mallware based on the file SQUIRREL.EXE that could be found in my case the locations \AppData\local\1clipboard\app-0.1.7 or \AppData\local\1clipboard\app-0.1.8. But also the file UPDATE.EXE is marked as Mallware and residing in \AppData\local\1clipboard\ and even the .lnk file on my Desktop is mentioned Malware. Be cause it's found to be Malware by AI i think it's maybe a false positive, please assist me on telling me if I'm wrong or not?!
  23. I am using this programm for years now and it's recently detected as malware. I fully trust this programm so I report it as false positive. I think it is an updater for the programm itself. -Kynatush lunar client.txt LUNAR CLIENT V2.1.2.EXE.zip
  24. MWB is reporting that FSViewer.exe is malware. This is the program file for FastStone Image Viewer, which I have used for several years without incident, and I have not updated it recently. I believe this may be a false positive, but will leave it in quarantine until I hear from you that it's OK.
  25. This site passes all other site scanners including googles site checker. However malwarebytes blocks it as having a trojan. Domain name themidnightwriter.org Thank you for looking into this.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.