Jump to content

[SOLVED] FP with Avast 9


pkolasa

Recommended Posts

Hello,

 

I have just come across a false positive between avast! (version 2014.9.0.2008, latest) and MBAE (also latest, 0.09.4.2000) on one of the computers I manage (Windows XP SP3).

 

When avast! detects an infected file being downloaded from Web it displays a warning (sorry, but my workstations are mainly in Polish), like this:

5gtc.png

When I click on the blue button named Więcej informacji (More information) it should open Firefox (which is default browser) with details. Instead, a warning from MBAE shows up, saying that an exploit has been blocked. Firefox with details never shows.

 

This is how it looks in the Logs tab:

7gar.png

I also attach mbae-default.log file. If I could be of help in this case, let me know.

 

Greetings!

mbae-default.log

Link to post
Share on other sites

A small update (sorry for posting one after the anoter, but I can't see any Edit button):
This seems to be a wider problem with avast!. It occurs when I click on any button causing default browser to open (such as Aktualizuj, Update in English in the following window):

xwtf.png

I have also noticed that MBAE blocks the attempt only if there is no other Firefox window opened. It it is, requested by avast! webpage shows up.

I have also attached newer version of mbae-default.log.

mbae-default.log

Link to post
Share on other sites

  • Staff

Tried replicating with no success:

 * Windows XP SP3

* MBAE 0.09.4.2000

* Avast Free AV latest version fully up-to-date

* Latest Firefox set as default browser

 

Can you please try uninstalling and re-installing MBAE to see if it makes a difference? Do you have Avast hardened mode on?

 

Also it would be nice if you can post or PM me a DDS log.

Link to post
Share on other sites

It seems that MBAE blocked avast's requests due to indeed enabled hardening mode. I disabled it and MBAE didn't block any of the avast request.

 

However, I rebooted to ensure that the hardening mode is really turned off. After the reboot, when I tried to start Firefox from Start Menu, I also encountered a popup from MBAE telling me that an exploit has been blocked. This happened just once, after closing popup and starting Firefox again, there were no popups.

 

Reinstalling MBAE doesn't change anything, regardless of hardening mode turned on or off.

 

I am attaching DDS (7zip packed) and another copy of mbae-default.log.

DDS.7z

mbae-default.log

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.