Jump to content

False possitive - AutoIt3.exe


mikkelin

Recommended Posts

Malwarebytes detects AutoIt3.exe if it's taken outside the autoit folder, that's a false possitive, and it's quite annoying since many of 

our clients and users have malwarebytes installed on their machines, and we use a backup program made in Autoit, that's using non compiled scripts, to make the size smaller when we have to copy it over.

 

Here's a gif that shows the problem:

 

TTrUf1i.gif

 

 

Please fix it, 

Thank you.

Link to post
Share on other sites

Please reference; Please read before reporting a false positive

 

It provides information how to report a False Positive file detection.

 

Your ani-GIF is really cool but doesn't really provide Malwarebytes' Malware Researchers what's needed to negate a False Positive.

Link to post
Share on other sites

  • Staff

this should be fixed in the next update.

 

There is a major outbreak of adware that is using the legit autoit from the userroot ( which includes desktop) folder. That is what was triggering this heuritisic. I tightened up the def to hopefully prevent legit uses from being detected.

In general from a heurisitic strandpoint its not a great idea to run any exe from the userroot folder and can cause fps like this.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.