Jump to content

False Positive - Unknown


Recommended Posts

Hello Team:


While not monitoring this particular W10 test system, the following notice had appeared on the Administrator's desktop:




Upon seeing the notice for the first time, the MBARW beta4 Quarantine window was immediately displayed showing no entries as per the next attachment:




The system was then immediately powered down, in an orderly manner, followed by thirty (30) second delayed cold start. At the completion of the cold start, the MBARW Quarantine window also held no entries.


12 to 14 hours prior to this incident, a typical "Black Tuesday" celebration had been held bringing this W10Prox64 test system up from a 10586.74 to a 10586.104 build joined by Adobe's Flash Player update releases.


Prior to, and following these observances, MBARW's Real-Time protection never stopped. i.e. I have never needed to manually force Real-Time protection on.


The usually requested directory zip files follow, and no re-occurrences or other system anomalies have been observed yet.


Malwarebytes Anti-Ransomware.zip logs.zip


Thank you.

Link to post
Share on other sites

  • 1 month later...

I just had the same issue and came across this post. It showed "ns.exe" but quarantine was empty. But ns.exe belongs to symantec.

2016-03-02 11:53:14.204 GMT
PID 2728 started c:\program files (x86)\norton security\engine\\ns.exe Signed (ac11abbefc5eba3116d5d15ae41b108c)
1 computer(s) have seen this md5 in 31 processes:
Process Metadata
Running for 26 days, last activity about 25 days ago
Username: SYSTEM
MD5: ac11abbefc5eba3116d5d15ae41b108c
Command line: "C:\Program Files (x86)\Norton Security\Engine\\NS.exe" /s "NS" /m "C:\Program Files (x86)\Norton Security\Engine\\diMaster.dll" /prefetch:1
Binary Info
Company: Symantec Corporation
Product: Norton Security
Description: Norton Security
Signature Status: Signed
Publisher: Symantec Corporation




Link to post
Share on other sites

Hello chocmilk and :welcome:

It is disappointing to read your testing system is having MBARW Beta issues but each computer is unique. Problems that seem "the same" frequently are not.

The same is true for solutions. Solutions may often need to be individualized for your unique testing system.

It is less confusing for everyone if a "One Member Per Topic" policy is adhered to instead of posting to the topic of another member.

Development Team Members, Staffers and helpers will be able to more easily provide both you, and the OP/Topic Starter, with individualized assistance.

Please start a NEW, and SEPARATE topic by left-clicking this >>Start New Topic<< link now.

Thank you always for your patience and understanding.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.