Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. MB Premium 4.1.2 RTP has blocked a website that a longstanding addin uses for update checks and downloading any update. It has never blocked before but within the last week quarantined the update *.exe file separately. Being cautious I do not want to just allow this and put it on the exclude list. Domain is openid.worketc.com and IP is MB has not reported this detection before. The ip relates to Amazon AWS servers I believe. The logs are attached of both the automatic RTP detection and manual entry of the IP in Chrome. Both blocked. Norton is not reporting it as a malicious
  2. The Minecraft launcher and shortcut files are classified as malware by malwarebytes. I am suspicious that this is a false positive as the file has not been updated, and has not been detected in the past. See logs below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/19/20 Scan Time: 9:30 PM Log File: 66bfd7f6-e20f-11ea-a916-6c2b5977f5e7.json -Software Information- Version: Components Version: 1.0.1003 Update Package Version: 1.0.28715 License: Premium -System Information- OS: Windows 10 (Build 18362.959) CPU: x
  3. For some reason, this file is now being detected as Malware though it has never been before. Could you please take a look at the attached and validate for us that this is a false positive? Thanks Data..zip
  4. OpenSource Python_IDM_2020.6.27 Internet Download Manager (PyIDM.exe) has been flagged as ransomware! https://github.com/pyIDM/PyIDM
  5. I was playing on a minecraft server hosted by someone I know and trust when MBAM closed the game and said javaw.exe was a ransomware. clear false positive False positive.txt
  6. ShaSal

    Trojan blocked.

    Website being blocked https://ecgcorp.net/ We did 3 scan but did not find anything? https://www.virustotal.com/gui/url/fc6a2b7ab05ef991c731314993a5c1ec5ed28c1b17efd1cab9f998662e892ca3/detection https://transparencyreport.google.com/safe-browsing/search?url=ecgcorp.net&hl=en https://sitecheck.sucuri.net/results/https/www.ecgcorp.net
  7. Hello Malwarebytes team Sorry I'm not good at English My website is: https://daominhha.com/ My customer reported that they were blocked by Malwarebytes from accessing my site. I would like to confirm that my website is completely clean and has not read or deceived anyone. My passengers can testify to this. I successfully appealed on kaspersky, Phishtank, Avast, ... So this is definitely a misunderstanding I hope the Malwarebytes team reviews and brings my website back to normal as this is seriously affecting our reputation. Sincerely thank !
  8. Hello. It appears that malwarebytes browser guard detects turbolab.it (only when you visit its forum) due to "reputation" It is an italian site with a forum about computers (Windows 10 / Android /Linux), it doesn't host any file. I'm not the site owner, I'm just a member ( a voluntary moderator to be exact). Can you please check then delist it? Thank you in advance. Cheers see also https://sitecheck.sucuri.net/results/https/turbolab.it https://unmask.sucuri.net/security-report/?page=https%3A//turbolab.it/ https://www.url
  9. A user reported this issue to us. These files in the log are identified as malware but are in fact harmless. The code is published for anyone to review on Github. I don't have the ability to generate log files myself. -Log Details-Protection Event Date: 7/30/20Protection Event Time: 1:33 PMLog File: 85a5e960-d258-11ea-89d1-00051bab1e7d.json-Software Information-Version: Version: 1.0.979Update Package Version: 1.0.27687License: Premium-System Information-OS: Windows 10 (Build 18362.959)CPU: x64File System: NTFSUser: System-Exploit Details-File: 0(No malicious items det
  10. Hi My business website is blocked inacorrect. Website address www.rangtech.com. attached is the screenshot for your reference. It is being blocked by eero secure who are using Malwarebytes at back-end. Request you remove this as soon as possible.
  11. Hello, Several of my websites were reported as being blocked by your software. The domains are as follows. https://www.n8solutions.host https://am.n8solutions.biz https://www.n8solutions.us https://www.n8solutions.net https://www.n8solutions.com I’m asking for you to please whitelist these domain names as soon as possible. I may lose a potential client because your software is blocking a legitimate website!
  12. Hello, I am developing a website in MySQL, php, javascript ... so I am running a database on a local host. Malwarebytes suddenly detected the WampServer as malware. So, I uninstalled it. I tried to reinstall it from the local PC exe and tried to download it again from the wampserver website (https://www.wampserver.com/) and Malwarebytes always accuses malware. The wampserver had no updates. Is it a false positive? After 3 days, support did not respond. Report.txt
  13. Hi there, I work at Render (https://render.com), and we're a modern cloud provider. We provide our users with subdomains like my-site.onrender.com. We've recently had a few phishing sites hosted on Render that have all been shut down now, but Malwarebytes is still blocking all onrender.com subdomains. onrender.com is on the public suffix list maintained by Mozilla: https://publicsuffix.org/ This has caused a major outage for our platform and users who have customers using Malwarebytes. Please unblock onrender.com and render.com immediately. I"m happy to provide more details if n
  14. Hello, One of our clients notified us of our executable cintooconnect.exe being wrongly flagged as a malware. He is using the version Malwarebytes Premium 4.1.0. This is particularly inconvenient as you can imagine. Could you please update your database and remove this false positive ? Best regards, Cintoo https://cintoo.com
  15. Hello, This website is being blocked and has no trojans/viruses/issues at all, can you please review: https://lapolicegear.com/ Thank you!
  16. Hi, I'm using 1Clipboard (http://1clipboard.io/) for many years now and not ever before it was stated as Malware. I did a full scan once a month and now the software says it's Mallware based on the file SQUIRREL.EXE that could be found in my case the locations \AppData\local\1clipboard\app-0.1.7 or \AppData\local\1clipboard\app-0.1.8. But also the file UPDATE.EXE is marked as Mallware and residing in \AppData\local\1clipboard\ and even the .lnk file on my Desktop is mentioned Malware. Be cause it's found to be Malware by AI i think it's maybe a false positive, please assist me on telling
  17. Please review and remove from your blacklist https://www.dropbox.com/s/jw5sbxk2uizbn50/107828716_10213058318971102_1053541541273182266_o.jpg?dl=0 http://transformationacademy.com
  18. The website htxxs://www.wallstreetreporter.com/ Leads to a trusted site that one of my clients needs access to for their investors. It is an urgent issue for them. Thank you
  19. I am using this programm for years now and it's recently detected as malware. I fully trust this programm so I report it as false positive. I think it is an updater for the programm itself. -Kynatush lunar client.txt LUNAR CLIENT V2.1.2.EXE.zip
  20. MWB is reporting that FSViewer.exe is malware. This is the program file for FastStone Image Viewer, which I have used for several years without incident, and I have not updated it recently. I believe this may be a false positive, but will leave it in quarantine until I hear from you that it's OK.
  21. This site passes all other site scanners including googles site checker. However malwarebytes blocks it as having a trojan. Domain name themidnightwriter.org Thank you for looking into this.
  22. Malwarebytes recently reported a false positive for ransomware on the Bookmark library management system for schools, used by over 2,000 schools in Australia. It even did this on my home PC. The false positive is for all exe files. I am the system developer. I wrote and compiled these myself. They have been recompiled just this morning. The false positive is likely related to PureLocker, which uses the same cross-platform programming language, PureBasic. These false positives were a huge problem last year when the ransomware appeared but have mostly been whitelisted by anti-virus companies. I
  23. Hello, Following complaints that we receive from our customers, we would like to report a false positive on our download link (cdn.filehorsevpn.com). Please find attached screenshots of the block and the log. Kindly review it and remove the false detection. Thank you MB logs fhvpn (1).txt
  24. Malwarebytes detected hmpalert.exe as malware listed as trojan.dridex. Service has been running on servers, and desktops for months as part of Sophos Intercept X Advanced. Verified detected file has same version, hash, signature. Saw older tickets where same service triggered false positives in 2016. Support said it was resolved but does not appear to be.
  25. False positive, has been checked manually with Microsoft as well, no malicious code in program. Please check it. HackTrapLogCollector.7z
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.