hza

[false positive] recycle bin


Win10.  Anti Ransomware Beta 0.0.14.361

The task explorer.exe was detected as ransomware while emptying the recycle bin :(

 

Screenshot1903-001.jpg


Hello hza:

Thank you for the valuable screen grab! Please create the following archives for developer analysis:

Create a ZIP archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

Thank you.


Thanks for your reply. Here are the two archives you asked for.

Additional info: explorer.exe in the win system folder was added to the exclusions before (it was the second time Anti-Ransomware tried to move explorer.exe to the quarantine folder).

 

MBAMService.zip

Malwarebytes Anti-Ransomware.zip


Hello hza:

In another thread earlier this month, the MBARW Program Manager requested an archive set that you may not have seen due to a topic interloper.

In addition to the directory archives you've kindly sent, please ZIP the C:\Windows\explorer.exe file from the system in question and attach that archive file to a reply.

Thank you again.


Sorry, I did not see this request :(

 

But finally here's the requested explorer.exe from the c:\Windows folder

 

 

explorer.zip


Hello hza:

The archive you have sent is bit-for-bit identical to one in my test box. The MBARW developer team will be checking further.

https://www.virustotal.com/en/file/85eb79207ffbd85b22196dd2538b6216faba8f98b61ba9b65de377ec2c819d9a/analysis/

Presently available data points to a false positive, and therefore you could consider temporarily entering the following in MBARW GUI Dashboard -> Exclusions:

C:\Windows\explorer.exe


Thank you for beta testing MBARW and your valued feedback.

1 hour ago, 1PW said:

C:\Windows\explorer.exe

The file c:\windows\explorer.exe WAS already added to the exclusion list and still it was (falsely) detected as ransomware. This is the list of all files listed as exclusions.

 

Screenshot2003-003.jpg


Hello hza:

This is excellent data for the MBARW developer team. Thank you kindly for the good feedback.
