Jump to content

False positive - is there a log file?

Ztruker

By Ztruker
in Anti-Ransomware Beta

 Share

Recommended Posts

Ztruker

Ztruker

Posted
  • Author
Posted

I should have looked there first, thank you.

 

Here are the zip files:

MBARW-logs.zip

MBARW-logs.zip

 

Is there a way to add a registry entry to the exclusion list?

 

This is the entry that was falsely quarentined:  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mfsyncsv

 

It belongs to a program called MirrorFolder which has been around for a long time. I've been using it since early XP days.

Malwarebytes Anti-Ransomware.zip

Link to post
Share on other sites
Ztruker

Ztruker

Posted
  • Author
Posted

No edit capability that I can see. Looks like one zip file shows twice in my previous post.

 

Anyway, I wantexd to add the registry value that was quarentined:

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\mfsyncsv    DisplayName    REG_SZ    MirrorFolder Auto-synchronization Service    Description    REG_SZ    Performs automatic synchronization for MirrorFolder.    Type    REG_DWORD    0x10    Start    REG_DWORD    0x2    ErrorControl    REG_DWORD    0x1    ImagePath    REG_EXPAND_SZ    C:\windows\system32\mfsyncsv.exe    ObjectName    REG_SZ    LocalSystem
Link to post
Share on other sites
Aura

Aura

Posted
Posted

Wouldn't that be...

Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\mfsyncsv]"DisplayName"="MirrorFolder Auto-synchronization Service""Description"="Performs automatic synchronization for MirrorFolder.""Type"=dword:00000010"Start"=dword:00000002"ErrorControl"=dword:00000001"ImagePath"=hex(7):43,00,3a,00,5c,00,77,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,66,00,73,\  00,79,00,6e,00,63,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00,00,00"ObjectName"="LocalSystem"
Tried it on my own machine and it worked. Well, adding the key that is.
Link to post
Share on other sites
Decrypterfixer

Decrypterfixer

Posted
Posted
Please take the time to read our update post on Malwarebytes Anti-Ransomware and the False Positives issues. This post also goes into detail about what to expect for BETA 3 update which will fix a lot of the reported issues. Thanks!

 

Dealing with FPs and preparing for beta3:


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.