Jump to content

False? Positives


Anne__Burns
 Share

Recommended Posts

Hello,

 

I was told to come here because I am getting large quantities of Hijack. Hosts entries every time I have done a scan (over 60 today). I restored one from quarantine and it must be with new ones that have been detected.

 

I am doing the best I can to follow instructions but I am struggling here. What do I need to show so you can determine if they are false positives?

 

Anne

post-147861-0-89690000-1453596099_thumb.

post-147861-0-19251900-1453596119_thumb.

Link to post
Share on other sites

  • Staff

Hello Anne,

 

If you still have the scan window open with the results, click the "save results" button at the bottom left, choose "text file", give it a name like "MBAMLog" or similar & save it to your desktop.

Once you save it, please attach it in your next reply.

If you already closed the program..

Open MBAM again, click "history" tab, then "application logs"

Choose the scan log that showed threat results which opens in a new window.

Choose "export", choose "text file", give it a name like "MBAMLog" or similar & save it to your desktop.

Once you save it, please attach it in your next reply.

 

Thanks!

Link to post
Share on other sites

Hello blender,

Just to make things more interesting, I have the same problem going on with my laptop!! What are the
chances of getting false positives on two different machines? BTW, I have HostsMan on
both machines.Just saying. Right now, every time I do a threat scan on my desktop or laptop, I get more threat entries.

 

Anne

Help.txt

Link to post
Share on other sites

  • Staff

Hello,

 

New updates have been released to fix these false-positives.

Please make sure you are updated to 2016.01.24.01 & try a re-scan. 

If there are still detections, please post a new log.

 

As for your outgoing protection alerts you saw in the past.. 

These alerts are related to the IP protection. These alerts will tell you what program was trying to reach the bad IP.

When you see these, it is a good idea to run a scan because nothing on your machine should be trying to access bad IP addresses.

It likely wouldn't be anything to do with the hosts file... since the hosts file itself is designed to block your machine from getting to bad sites and block other communications that are a concern for privacy.

 

If you believe the site that is being blocked by IP protection is safe, you can report it here:
https://forums.malwarebytes.org/index.php?/forum/123-website-blocking/

 

Let me know please how the updated definitions get along with your hosts file.

 

Thanks!

Link to post
Share on other sites

Just so you know, I had updated MBAM both my laptop and desktop before I even started to scan them. They are both scanning clean now. In another post I put in I was told that the 'false positives' were fixed on the website. Did it take until now for the fix to take effect on my machines?

Link to post
Share on other sites

  • Staff

Hello,

 

You can delete them if you like.. good idea to check the logs/quarantine history once a month or so to keep the logs & quarantine stuff from building up over time.

Myself.. I usually keep stuff for about 2 weeks & delete anything older.

If the logs and such keep building & if there are a lot of logs/quarantine items, I find the program takes longer to open unless I keep the history items cleaned out & only keep a couple weeks worth of data.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.