I came to the forum looking for instructions about how to check if a quarantined item is a real threat or a false positive.

I have version 0.9.15.416 (which I now understand is old).

How can I update the program? What happens to files in quarantine when I uninstall this version and install the latest version?

Thanks.


Hello seagull and :welcome:

The procedure to check a quarantined file is to follow the reporting instructions below as best you can.  MBARW Beta6 (v0.9.15.416) is the version all beta testers should be at as I send this post.

Please carefully read the locked and pinned topic in this sub-forum, "How to report a False Positive", and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.

Thank you for beta testing MBARW and your feedback.


Sorry - I'm far from an expert at this so I have another question before I follow the steps you requested.

Since I'm not sure this IS a false positive (how can we ever be sure about that?), is it safe to restore the file from quarantine?


Hello seagull:

Thank you for the good question.

After you have attached the requested archive data (.zip files) and posted your next reply, a preliminary analysis can be undertaken and a recommendation will be issued in a reply to your topic.

Thank you again.


Sorry - me again.

The reason I asked the question is that removing the file from quarantine is one of the first steps in the instructions. Here is what's written in the relevant forum:

  1. Finish the detection process and reboot if asked by Anti-Ransomware.
  2. After reboot disable the Anti-Ransomware protection.
  3. Restore the file from Quarantine and add it to the exclusions.
  4. Find the restored EXE file that was quarantined, right-click on it and click "Send To >> Compressed (Zipped) Folder". Attach this ZIP file also to your report.

My question was: is step 3 really safe?


Hello seagull:

No apology is necessary and your concerns are appreciated.  At your discretion, you may consider leaving the unspecified executable in quarantine.  A tentative analysis is perhaps possible, with somewhat lesser confidence, if you attach the following:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you again.


Reference: https://www.virustotal.com/en/file/562937AC01AF8673EB0374F0FC9C2C82DE59BB3A7E0CC7D7A19773056892F186/analysis/ Unsigned

Hello seagull:

The binary in question was uploaded to the developers on 16-May-2016.  Available data strongly suggests a false positive and, if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

          C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.750.3.0_x86__kgqvnymyfvs32\candycrushsaga.exe

That system's MBARW Beta6 (v0.9.15.416) is up-to-date and if it were to be thoroughly uninstalled/installed, the contents of MBARW Beta6's quarantine would have been deleted.  The executable in question may be restored from quarantine as long as the pathname above is soon entered in the exclusion entries list.  At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/removed.

Thank you for beta testing MBARW and your valuable feedback.

Edited by 1PW
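
The following is an added example, not part of the thread and not Malwarebytes' own tooling: a PowerShell check that a restored file is byte-for-byte the binary that was analysed, run before the exclusion is relied on. It assumes the SHA-256 in the VirusTotal reference above belongs to the executable at the quoted pathname; `Test-RestoredFile` is a hypothetical helper name.

```powershell
# Values copied from the thread: the SHA-256 in the VirusTotal link and the
# full pathname given for the exclusion entry.
$ExpectedSha256 = '562937AC01AF8673EB0374F0FC9C2C82DE59BB3A7E0CC7D7A19773056892F186'
$RestoredPath   = 'C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.750.3.0_x86__kgqvnymyfvs32\candycrushsaga.exe'

# Hypothetical helper: hashes the file and reads its Authenticode status.
function Test-RestoredFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedHash
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (still in quarantine, or no read access): $Path"
    }
    try {
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        throw "Cannot hash ${Path}: $($_.Exception.Message)"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        # -eq on strings is case-insensitive, so hex case does not matter.
        HashMatches     = ($hash -eq $ExpectedHash)
        # The thread notes the analysed sample as unsigned (Status NotSigned).
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$result = Test-RestoredFile -Path $RestoredPath -ExpectedHash $ExpectedSha256
$result | Format-List
if (-not $result.HashMatches) {
    # A different hash means the analysis referenced above was of another file.
    Write-Warning 'Hash differs from the analysed sample; the false-positive assessment does not cover this file.'
}
```

A mismatch means the file on disk is not the one the assessment was based on, so it should go back through the reporting procedure rather than being excluded.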