Jump to content

Does the "Exclusion" of files already work?


Recommended Posts

I got a new warning that EXPLORER.EXE (while deleting files in a folder) was detected as a ransomware and moved to the quarantine.

Problem:  c:\windows\explorer.exe is already listed as an exclusion.

 

A scan of c:\windows\explorer.exe  with virustotal.com showed that it is clean 

https://virustotal.com/de/file/85eb79207ffbd85b22196dd2538b6216faba8f98b61ba9b65de377ec2c819d9a/analysis/1459415827/

So I wonder: is the exclusion of files really working at the moment?  And again I ask politely the developers to add the full path info, when a ransomware was detected :) 

 

Screenshot3103-002.jpg

Screenshot3103-003.jpg

Link to post
Share on other sites

Hello hza:

Let's start with your logs. Please create the following zipped archives for developer team analysis:

Create a zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply and then do a conventional Windows uninstall & reinstall of Beta5, MBARW 0.9.14.361 and include the status of the system's issue in your next reply.

Thank you for beta testing MBARW and your valued feedback.

Link to post
Share on other sites

Thanks for your feedback! 

Here are the requested files.. This morning I had some problems with the actual beta software :( It considered the purging of The Bat message's bases as ransomware activity and put the the Thebat.exe in quarantine (even this file was already excluded - and virustotal.com showed no infection of it). Worse: after the requested reboot of the computer it encountered an error and did not start again :( Another reboot (well, a real hardware reboot with power off for some minutes) neither resolved the problem. So I had to remove the software and install it again. Bad: the file in the quarantine was gone and I had to repair / re-install TheBat :(

Again I added all the lost filenames in the "exclusions section" of MBARW  and now TheBat starts fine :) and even purging of it's message bases is allowed.

Screenshot0104-001.jpg

Since I made a ZIP file the requested folders already yesterday I can provide you yesterday's (filename starting with 160331 and today's (160401) archives..I know they actual logs should contain all details of yesterday's archive.. but just in case something went wrong with re-installing the software.... :)

PS: I noticed a huge difference in file size of the MBAMService Zips.. one file (a zip file in the TMP direcotry) in today's archive is gone.

 

 

 

 

 

160401-MBAMService.zip

160331-Malwarebytes Anti-Ransomware.zip

160331-MBAMService.zip

160401-Malwarebytes Anti-Ransomware.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.