Jump to content
dg1974it

calibre latest version (2.57.1) -> false positive

Recommended Posts

Yesterday I've updated calibre to the latest version (2.57.1) and the antivirus (Avast Internet Security Premier), the anti malware (Malwarebytes Anti-Malware Home Premium) and the anti ransomware (Malwarebytes Anti-Ransomware) didn't find anything to complain while installing the update.

Then I started using calibre and after 20-30 minutes it crashed because Malwarebytes Anti-Ransomware put the "calibre.exe" in the quarantine for "generic ransomware".

I downloaded again the installer, repaired the installation, the I put the calibre.exe in the exclusion's list.

Today, again after 20-30 minutes of calibre doing its work, Malwarebytes Anti-Ransomware put "calibre-parallel.exe" in the quarantine...

I've attached the logs, the C:\ProgramData\Malwarebytes folder, the two exe quarantined.

You should add an option to exclude a folder, not only a single file. in the calibre folder there are a lot of exe... I don't want to manually exclude all of them because suddenly Malwarebytes Anti-Ransomware decided that these files are infected (and this is not true).

And you should add an option to restore a file from quarantine: if I try, the application says that it's impossible because the file was marked for deletion after reboot.

Thanks.

logs.zip

Malwarebytes Anti-Ransomware.zip

calibre.zip

calibre-parallel.zip

Share this post


Link to post
Share on other sites

Reference:

https://www.virustotal.com/en/file/99ea58458e9df56de9716ea8f81cf9b371f00c4cd84e80d37539dd8a19699f97/analysis/1463761120/ Unsigned
https://www.virustotal.com/en/file/e1036c4ff1b5d7b4b49488733dbee607d38d0c70ee7a02ab75e2a0d92bb24b72/analysis/1463758458/ Unsigned

Hello dg1974it and :welcome:

Available data strongly suggests false positives, and you may wish to retain the following temporary full pathname file entries in MBARW GUI Dashboard -> Exclusions:

Both binaries has been uploaded to the developers, please allow those entries to remain until you are requested to remove them.

                      C:\Program Files\Calibre2\calibre.exe
                      C:\Program Files\Calibre2\calibre-parallel.exe

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusions be altered/removed.  Thank you for beta testing MBARW and your valuable feedback.

Share this post


Link to post
Share on other sites

You are very welcome.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.