Jump to content

False Positive - Meraki SM


HDeskMcKellar
 Share

Recommended Posts

Reference: https://www.virustotal.com/en/file/6dad0a8a53835efb54e7988b9e8888b94b13c46cb599143cc3ab9e6f320de2bd/analysis/1459526325/

Hello HDeskMcKellar:

Till Decrypterfixer or a Malwarebytes staffer returns...

Available data does suggest a false positive and, if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

          C:\Program Files (x86)\Meraki\PCC Agent 1.0.94\m_agent_service.exe

At any time, a development team member, QA team member or staffer may request the above temporary exclusion be altered/removed.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

The key is:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MerakiPCCAgent

As well, I had added C:\Program Files (x86)\Meraki\PCC Agent 1.0.94\m_agent_service.exe to the exclusions. However, this morning I had found it had quarantined it a second time. I checked, and the .exe is still in the exclusions.

Link to post
Share on other sites

Hello HDeskMcKellar:

Please consider downloading and installing Beta6 on top of the already installed Beta6 on your Windows 8.1 x64 system.  In other words, do not uninstall your present Beta6, but do an over-the-top install a second time as follows:

1. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
2. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
3. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
4. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Re-enter the C:\Program Files (x86)\Meraki\PCC Agent 1.0.94\m_agent_service.exe exclusion later, and only if needed.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.
 

 

Link to post
Share on other sites

Hi again,

After trying this solution, MWB AntiRansomware still added the file to the quarantine. After adding the file to the exclusions again, it still found the file and quarantined it.

Also, though this may be more related to our server configuration, when AntiRansomware protection is enabled, I am unable to log-in to my server profile (ie. It stops my server and local profiles from synchronizing). I thought it might be worth mentioning, in case there is a cause for this, or if you want me to make a new thread for it.

 

Thanks for all of the help thus far, 1PW and Decrypterfixer!

Link to post
Share on other sites

Hello HDeskMcKellar:

MBARW is in its Beta-testing phase. That means we do not recommend installing it on any work-related machine as the results may be unpredictable. Especially on Windows Servers, which are not supported.

Per https://forums.malwarebytes.org/index.php?/topic/178457-mbarw-on-file-server/#entry1018081

The MBARW Beta development team monitors this sub-forum, and they are also aware of similar reports for which they are working on a solution.
 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.