Jump to content
sirlogan

Unable to move off quarantine

Recommended Posts

I installed MAR and it detected two programs as ransomware:

Curse Client

BattleNet Agent

 

They both execute from the AppData folder, so I know why they were treated as ransomware. And the way the ransomware works it is expected that the program tries to block anything that is executed from there.

What I don't like is that the can't be moved out of quarantine if they are marked for deletion after a reboot.

 

I expect the program to treat every program running from the AppData as a ransomware suspect. What I do not expect is that the program will not allow me to mark them as safe. Program should be able to learn, but it must allow us to help it do that.

 

I uninstall it and will wait for a new version to test it again.

Share this post


Link to post
Share on other sites

I had a similar problem and went to exclusions to mark as safe, but you are correct - no way to restore.

Share this post


Link to post
Share on other sites

Hello sirlogan and :welcome:
 
Please carefully read How to report a False Positive and kindly attach the requested files to your next reply in this thread.

Thank you for beta testing MBARW and your feedback.

Share this post


Link to post
Share on other sites

Thanks for the reply 1PW, but I am not reporting a false positive. I am reporting that a function that the program supposedly has is not working as expected. As I said, I expect false positives in the way this program works, what I don't like is that I have to delete the false positive detection in order to be able to then remove it from the quarantine.

 

So, no, not reporting a false positive, reporting a bug. If that is not a bug then this is a function that is working as expected and I am not interested in keep on using the program.

Share this post


Link to post
Share on other sites

Hello sirlogan:

 

I apologize for misinterpreting your original post's main intent.

 

We will need to wait for the devs to weigh-in then.

 

If you would still like to report the false positives themselves, the pinned topic I quoted above is still applicable.

 

Thank you for the clarity and for testing MBARW.

Share this post


Link to post
Share on other sites

SirLogan,

 

MBARW actually doesn't delete any file. Because of the way Ransomware works and how they need to be quarantined, you simply need to reboot to restore them. Once you rebooted after the detection, you would have been able to restore the files easily. Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.