mikkelin

False positive - AutoIt3.exe

Malwarebytes detects AutoIt3.exe if it's taken outside the AutoIt folder. That's a false positive, and it's quite annoying, since many of our clients and users have Malwarebytes installed on their machines, and we use a backup program made in AutoIt that uses non-compiled scripts, to make the size smaller when we have to copy it over.

Here's a gif that shows the problem:

TTrUf1i.gif


Please fix it, 

Thank you.


Have you tested the file at www.virustotal.com? If tested before, click new scan and post the link to the scan result here.


Please reference: Please read before reporting a false positive

It provides information on how to report a False Positive file detection.

 

Your ani-GIF is really cool but doesn't really provide Malwarebytes' Malware Researchers what's needed to negate a False Positive.


This should be fixed in the next update.

There is a major outbreak of adware that is using the legit autoit from the userroot (which includes desktop) folder. That is what was triggering this heuristic. I tightened up the def to hopefully prevent legit uses from being detected.

In general, from a heuristic standpoint it's not a great idea to run any exe from the userroot folder, and it can cause fps like this.


I see what you mean, but I think it's not the right way to detect it; it causes too many false detections. I think it's better to detect the bad code, even if it might not be the easiest solution.


I wish it was that easy. :) The bad code is a huge multi-megabyte randomized autoit script that is almost impossible to offer proactive protection against. This was the best way to protect our users. It should no longer be detected though in legitimate uses.
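
The location-based heuristic described in the staff replies above, sketched as an added example (not part of the original thread and not Malwarebytes' actual definition): it flags AutoIt interpreter images that sit directly in a user profile root or on the Desktop, which is also a way to audit where a deployment has placed `AutoIt3.exe`. The reading of "userroot" as `C:\Users\<name>` plus its Desktop, the function names and the sample records are assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: "userroot" is read as the top of a user profile (C:\Users\<name>)
# plus its Desktop folder; the vendor's actual definition is not on the page.
INTERPRETERS = {"autoit3.exe", "autoit3_x64.exe"}
USERROOT_FOLDERS = ([], ["desktop"])


def classify(image_path):
    """Classify where an AutoIt interpreter image sits on disk."""
    # PureWindowsPath parses Windows paths on any OS and accepts / or \.
    parts = [p.lower() for p in PureWindowsPath(image_path).parts]
    if not parts or parts[-1] not in INTERPRETERS:
        return "not-autoit"
    # parts[0] is the drive or UNC anchor; a profile path needs
    # anchor + 'users' + <name> + exe, so at least four parts.
    if len(parts) < 4 or parts[1] != "users":
        return "outside-profile"
    folders = parts[3:-1]  # directories between the profile and the exe
    return "userroot" if folders in USERROOT_FOLDERS else "profile-subfolder"


def audit(events):
    """Return (host, image) pairs whose interpreter runs from the userroot."""
    return [(e["host"], e["image"]) for e in events
            if classify(e["image"]) == "userroot"]


# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe"},
    {"host": "pc-02", "image": r"C:\Users\alice\Desktop\AutoIt3.exe"},
    {"host": "pc-03", "image": "C:/Users/bob/autoit3.EXE"},
    {"host": "pc-04", "image": r"C:\Users\carol\AppData\Local\Backup\AutoIt3.exe"},
    {"host": "pc-05", "image": r"\\fileserver\tools\backup\AutoIt3.exe"},
    {"host": "pc-06", "image": r"C:\Users\dave\Desktop\notepad.exe"},
]

if __name__ == "__main__":
    for host, image in audit(SAMPLE_EVENTS):
        print(f"{host}: interpreter in userroot -> {image}")
```

Because the check depends only on file name and location, it cannot tell a legitimate copy of the interpreter from an abused one, which is the trade-off the thread is arguing about.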
