Jump to content

Search the Community

Showing results for tags 'falsepositive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Greetings! I am the developer of WFE (Warcraft Feature Extender) and my .exe/.dll sometimes both get detected as MachineLearning/Anomalous.100%, I do not have malicious code, and VirusTotal and other scanners report it to be comepletely fine. Could you please take a look and hopefully remove my software from being detected as virus? Archive with files attached below. Thanks in advance! WFE v2.23.zip
  2. usman

    False positive

    Hello, Malware Bytes Browser Guard is blocking our website https://royalbathrooms.co.uk/ Here is the latest VirusTotal scan showing clean from all the engines https://www.virustotal.com/gui/url/96ade4d1c8d46613c5c47b864bb494b6a9e79eb5c3b29fd60066a610d67eb8c9/detection Please remove the site from your blacklist as soon as possible as it is affecting our business. Kind regards
  3. Hi Malwarebytes support team, We hope you are doing great. Kindly know, we belong to the tech department of Shufti Pro. It came to our attention that Malwarebytes extension for browser (Malwarebytes Browser Guard) and Desktop Antivirus software is marking our Web Application Shufti Pro as: "Website blocked due to trojan". Also, it is showing a danger message for its clients, which is a false positive. Shufti Pro has a dedicated Security Department, and we understand that security is the main priority of every user. Shufti Pro doesn't steal or harm its visitor/client's data in any possible way. Also Shufti Pro does not have any type of virus, malware or trojan in its Web Application or any other service platforms. It is humbly requested that your team remove Shufti Pro's site from Malwarebytes' blacklist so that our clients can have a better and smoother experience. We hope you understand the situation. Feel free to ask any questions that deem necessary, and we'll be glad to help. Awaiting your kind response. Best regards, Tech Department, Shufti Pro Ltd.
  4. Hello. My name is Ane Mari Tache from the Innovative Solutions Grup. We are the developers of the Orange Defender PRO program. It seems that your AV program Malwarebytes is flagging our program as PUP.Optional.OrangeDefender on VirusTotal. As a software developer I can strongly and sincerely vouch that the files bellow don't contain any malware or PUP files. I have worked on these products, and know with 100% certainty that they don't contain malware. Please either whitelist our products or tell us, in detail, why they are considered malware. We would gladly cooperate with you in order to fix this problem which is damaging to us and to our users (and, by extension, to your users, also). Here is the download link: https://www.orange-defender.com/ Kind regards, Ane Mari Tache
  5. Hi, Recently I sent an installer of some software I made to my boss, and he reported seeing a MachineLearning/Anomalous.100% warning upon installation. As far as I know, my software should be safe, as I made it. Could you please flag this as a false positive so it doesn't show up as an anomaly? I attached both executables generated by the Squirrel installer, because I'm not sure which one is triggering the warning. Thanks. DirectPrintExecutables.zip
  6. We often recommend Malwarebytes to our customers and I don't recall there being a false positive with GlassWire/Malwarebytes in the past. Unfortunately now we are receiving complaints about a false positive and we need your assistance please. You can download our installer from here https://www.glasswire.com/download/. The false positive screenshot is attached. Thank you for your assistance. -Log Details- Scan Date: 6/11/20 Scan Time: 8:52 AM Log File: 65a7c437-abe2-11ea-a534-201a06b471c5.json -Software Information- Version: Components Version: 1.0.931 Update Package Version: 1.0.25366 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 320950 Threats Detected: 4 Threats Quarantined: 0 Time Elapsed: 22 min, 38 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Warn -Scan Details- Process: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , , Module: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , , Registry Key: 1 Trojan.MalPack, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlassWire, No Action By User, 555, 830500, , , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, 1.0.25366, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected)
  7. Hello, this is my website where I test various CMS systems. I bought malwarebytes premium and I see varning about my webpage. Is there something wrong on my side I can fix? I didnt install any suspiscious extension or script. Thanks for cooperation. Have a nice day. JurajBe
  8. Hello. We respectfully request the removal of the flag on our software DriverFinder. Flag: PUP.Optional.DriverFinder Kindly note that this is a new version release certified clean and secure by Appesteem: https://customer.appesteem.com/certified?vendor=DESKT Kind regards, Melanie Tan DeskToolsSoft BV DriverFinderInstall.zip
  9. Hello, This is to inform you that I'm in receipt of an FSA abuse report initiated by hphosts against my blog site hosted by WordPress (www.antivirus[.]ink -> https://antivirusink.wordpress[.]com) the hphosts DOES NOT provide the specifics of the abuse except the FSA tag. (pls. see below) Since hphosts claims to use malwarebytes engine to flag hosts for abuse and malicious activity I kindly urge malwarebytes to provide me with the specific details of the abuse as per FSA classification which should fall into one of the following categories: 1. Using misleading means to peddle their products (e.g. claiming the product is free when in actuality, it's just a free scan) 2. Not keeping their affiliates under control (i.e. those affiliates spamming, using BlackHat SEO, or otherwise misleading users) 3. The site is residing on a known malicious IP block Please be reminded that the site does not sell any products (1), does not have and is not signed with any affiliates (2) and is hosted on wordpress.com (3) The site is a security information blog content ONLY and is aimed to raise public's awareness of emerging security threats, phishing attacks and in the wild malware activity. I'm eagerly awaiting your response so I can proceed with the appropriate legal actions further. Kindly, AC
  10. I recently ran Malwarebytes for the first time in a while and the following was detected: Registry Key: 10 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 Are these detections false positives? I have recently installed AVG Tune Up and suspect that some of them maybe false positives. AVG and Antispyware did not detect anything. Scans.docx
  11. I have developed 1 program. Checked with virustotal no error. Malwarebytes www.malwarebytes.com -Protokolldetails- Datum des Schutzereignisses: 29.08.18 Uhrzeit des Schutzereignisses: 06:21 Protokolldatei: 11d39624-ab43-11e8-9429-000000000000.json -Softwaredaten- Version: Komponentenversion: 1.0.421 Version des Aktualisierungspakets: 1.0.6545 Lizenz: Premium -Systemdaten- Betriebssystem: Windows 10 (Build 17134.228) CPU: x64 Dateisystem: NTFS Benutzer: System -Einzelheiten zu blockierter Schadsoftware- Datei: 1 MachineLearning/Anomalous.94%, D:\testsb\buildtest14.exe, In Quarantäne, [0], [392687],1.0.6545 (end) BUILDTEST14.zip
  12. Hello, I report a false positive, my website url is blocked by Malwarebytes Anti-Malware URL Blocked : rxcloud.fr.nf Best Regards, RoxasDev
  13. Hi, I've been using MalwareBytes Free on my computer for a number of years, never had a problem and only use it for the bare basics - only 'safe' websites (Wikipedia, Facebook) and don't use it a great deal anyway. Did a scan this morning and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well - I'd just like to know what it was and whether it was a real problem or a false positive. I did a large Windows update (1803) last night and wonder if that's related? I have looked over this forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I understand that MalwareBytes is using new detection systems to stop malware, and so hopefully this is a teething problem rather than a real concern. I'm pretty savvy about computer safety, but still I'd rather be certain that everything is OK. I'm attaching the exported report here. There are no other visible signs of infection (slowing down, redirects etc). Thank you! MB Report.txt
  14. Hello, We have fully cleaned and replaced the hacked version of this site Ccfriendsofwildlife.org. During this process we fully cleaned any hacked files on the system included the site's themes and plugins. We have also ensured the database is clean and removed all the injected content from the servers and checked and removed any malicious processes. We have checked the site using the "site: google search" and bad links we have also used fetch and render in google to ensure there is no bad content. All suspect javascript loaded and it's content has also been inspected. We have also performed a "curl" against the front page with a google bot user and again there is no spammy content returned or injected content. On top of this and most importantly we have placed the website behind an enterprise grade web application firewall to ensure this site has a high level of protection against any future attacks. Could you please ASAP remove any hack label and security warnings for this site.
  15. Hi, a program that has been on our server for years came back as Spyware.Lokibot. It has never scanned as Spyware before, so I am curious as to why it would suddenly start scanning as such. On the hourly scan, it came back two hours in a row, then didn't appear anymore. It is these two files Name Type Category Status Path Spyware.LokiBot File Malware Quarantined C:\PROGRAM FILES (X86)\SPICEWORKS\NMAP-5.61-SPICEWORKS-SETUP.EXE Spyware.LokiBot File Malware Quarantined C:\PROGRAM FILES\WINPCAP\RPCAPD.EXE and the programs installed are Nmap 5.61-Spiceworks 05/19/2016 Spiceworks Desktop 7.5.00087 05/19/2016 Spiceworks, Inc. WinPcap 4.1.2-Spiceworks 05/19/2016 CACE Technologies Please let me know if this was a false positive, or possibly caused by an update to Spiceworks (not sure if it updated automatically or anything).
  16. Please remove my website www.acasadibarbara.it, we had a problem in February but now is clean Thanks DAVID
  17. I have the same file information however I am using the cloud point software. I added snips from the scan that was completed.
  18. Hi, i have a problem with my application and Malware Bytes 3.4 I've developed an application and its exe file is detected as MachineLearning/Anomalous.94% (obviusly it's not a malware ) Is there a way to avoid this detection? Thanks
  19. Tried to look this up, but couldn't really find anything. I am not really experienced in this stuff. Sorry if this is a stupid question. I have MBAM 3 and after scanning my C drive with rootkit option on, it detected 2 threats, called Unknown.Rootkit.Driver and the location is C:\\Windows\System32\drivers\vwifibus.sys and vwififtl.sys. So these are apparently drivers, and I don't know how they affect my computer. I just quarantined the 2 in the meantime before I figured out anything. I want to note that vwifibus.sys came up a second time in a new scan just now. Quarantined it again. I just want to know if these are just false positives and if I should restore them, or do something else. Not sure if this is related at all to my recent problems of slow and inconsistent internet connections. Thanks for any info
  20. Hi, you are blocking this CloudFlare IP that has two of my sites, as well as oodles of sites of other people. You ought to contact CloudFlare and work it out. For the time being I'm telling my visitors who you are blocking to STOP using your product. There is absolutely nothing dangerous about my site (hochmanconsultants.com). If you disagree, please post a code snip to prove me wrong.
  21. Hi, We have received reports from our customers that our site is blocked by Malwarebytes even though we are a legitimate business and have been editing essays since the late nineties. Domain: essayedge.com IP: Can you please remove us from your block list? Thank you.
  22. Kindly Remove my website www.theprolink.com from your list.
  23. Hi, Can you please delist the domain dunntech.ddns.net Currently testing a program spiceworks using a free domain but malwarebytes is blocking it. -Website Data- Domain: dunntech.ddns.net Type: Outbound File: C:\Program Files (x86)\Spiceworks\Agent\Spiceworks Agent Service.exe Cheers
  24. I have SmartSVN Pro 9.1.2 #5050 on Windows 10 Pro. Last night Malwarebytes Anti-Malware Home (Premium) decided that 271 files and 51 folders in ... C:\Users\Laurence\AppData\Roaming\SmartSVN\ ... have the Trojan.Fileless in them. That seems unlikely. I am assuming this is a false positive with Malwarebytes but I would like to know if anyone else is seeing something like this. I updated the database, exited MBAM, ran MBAM /DEVELOPER, and rescanned the ...\SmartSVN\ folder above. I have attached the log file from that scan. Since the entire SmartSVN folder was detected I created a two part (to stay under 30MB per file) .rar of everything in it. 20161023-Malwarebytes-claims-SmartSVN-trojan-developer.txt SmartSVN.part2.rar SmartSVN.part1.rar
  25. This program is a variant of KODI/XBMC/TVMC. It is a legitimate program, but like Kodi/TVMC, it is detected as ransomeware.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.