Jump to content
jahjar

Eclipse maybe detected false positive

Recommended Posts

Reference: https://www.virustotal.com/en/file/cd9df0a6f2a83434d73d2d60e0971f759f39d034874c3721f32378fffe95d32d/analysis/ Unsigned

Hello jahjar and :welcome:

Available data strongly suggests a false positive, and since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the developers, please allow the entry to remain until you are requested to remove it:

                      C:\Users\neko\eclipse\php-latest\eclipse\eclipse.exe

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/removed.  Thank you for beta testing MBARW and your valuable feedback.

Share this post


Link to post
Share on other sites

Hi ladies and gents,

This is my first post in the forum and our company rolled Malwarebytes out the the whole of the company. About 150 users. 

We have slight issues but nothing major, applications running is;

Ransomware + Anti-Exploit + Ant-Malware

To get to the eclipse.exe problem, Ransomware is picking it up as a threat. Yes I know I must get the logs to diagnose this issue. 

From the developers side and research team, what information can you give about this? 

I know Ransomware is still a baby and only on version 0.9.17.689. 

The comment from 1PW I don't understand 100%.

Share this post


Link to post
Share on other sites

Hello JPR_VSTH and :welcome:

Although it appears your organization may be using the enterprise/business/release version of Malwarebytes Anti-Ransomware (MBARW) for business, the same data is required of your operation that will allow the most accurate feedback to you, as well as the likelihood of correctly white-listing the exact version of the binary that is falsely triggering the alert reported.

Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive and for MBARW developer analysis, kindly attach the 2 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary MBARW exclusion entry might then be made available to prevent a re-occurrence for your systems.  Thank you for using MBARW and your feedback.

Edited by 1PW

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.