Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

False Positive: phpStorm w/file watchers.


Recommended Posts

Ok, so I ran phpStorm fine for a couple days with the Ransomeware beta running without issues.

Today that all changed when I opened a project to make some css changes to a website.

The project I was working on uses less to generate css that is then used on the website. I use a feature of phpStorm called file watchers to convert the less to css that is then pushed to the server. What the file watchers do is, on content changing in the less file it automatically recompiles the css and overwrites the original css, in that way I don't have to remember to manually compile my less down to css. Very handy!

Well today after about 2-3 dozen edits to the css my phpStorm instance auto closed and Randsomware beta had tossed my phpStorm64.exe into quarantine. I watched this happen exactly as the filewatcher kicked in to compile the css.

I have a funny feeling other jit or otf compilers might experience this same type of false positive. As in essence things like the css file that triggered the response on my machine was getting overwritten by the filewatcher repeatedly over the course of the 10 minutes I was editing the less file.

Anyways, I hope you can get some use out of this.



Malwarebytes Anti-Ransomware.zip


Link to post
Share on other sites

Reference: https://www.virustotal.com/en/file/8ad05a6e8e50b6e2f15dfe3501999b8eede622bc12d732c1fe6e1791d6e00e9c/analysis/1458787985/ Unsigned

Hello Orillian and :welcome:

Available data strongly suggests a false positive and, if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

                      C:\Program Files (x86)\JetBrains\PhpStorm 2016.1\bin\PhpStorm64.exe

At any time, a development team member, QA team member or staffer may request the above temporary exclusion be altered/removed.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Note: This particular issue will be found with just about any jetBrains application, phpStorm, webStorm, Idea, pyCharm, etc.. with both the 32bit (phpstorm.exe) and 64bit (phpstorm64.exe) executables when the user has regularly activated file watchers.

Thanks for the welcome btw! ;)


Edited by Orillian
Link to post
Share on other sites

Hello Orillian:

1. The requested logs can help reveal to the devs exactly why those apps are triggering MBARW Beta6 and not others.

2. It would also be informative if select exclusions were entered in MBARW Beta6 for a temporary period.

3. Also, please consider left-clicking the "Follow" box near the top-right corner of this thread for timely notifications.

Thank you again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.