perl.exe false positive


ingber

I see Cygwin has a perl update.  I would not be surprised if this perl.exe too is flagged.

Sorry about that.  I must have used just `zip` instead of `zip -r`.  I attach logs.zip.

 

Lester

 

logs.zip

Hello ingber:

Available data strongly suggests a false positive, and since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the developers, please allow the entry to remain until you are requested to remove it:

                         C:\texlive\2016\tlpkg\tlperl\bin\perl.exe

Reference: https://www.virustotal.com/en/file/e6697df24cd2520bf6cf5049773365c551e2d2321cf1879d6991765f650f0522/analysis/1465861129/

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you for beta testing MBARW and your valuable feedback.

This happened again?  The file is the same; it was not updated?

Furthermore, as I had reported with a different false positive, after the required reboot, MBARW does not restore the file with its original permissions:

7:03:59am ingber@lesterX1:/cygdrive/c/texlive/2016/tlpkg/tlperl/bin% ls -l
total 3584
-rwxrwx---+ 1 ingber         ingber  471519 Jun  9 12:58 libgcc_s_sjlj-1.dll
-rwxrwx---+ 1 ingber         ingber  939212 Jun  9 12:58 libstdc++-6.dll
-rwxrwx---+ 1 ingber         ingber   52036 Jun  9 12:58 libwinpthread-1.dll
-rwxrwx---+ 1 Administrators SYSTEM   18432 Jun 23 07:01 perl.exe
-rwxrwx---+ 1 ingber         ingber   18432 Jun  9 12:58 perl5.22.1.exe
-rwxrwx---+ 1 ingber         ingber 2119168 Jun  9 12:58 perl522.dll
-rwxrwx---+ 1 ingber         ingber   13824 Jun  9 12:58 perlglob.exe
-rwxrwx---+ 1 ingber         ingber   18432 Jun  9 12:58 wperl.exe
 

Furthermore, since my last report on this file, I have had it listed under exclusions, and still this was reported again?  See attached zipfile of the jpg.

Lester

Capture.zip

Hello ingber:

This will likely earn special interest with the MBARW developers and staffers.  Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.

Hello ingber:

Thank you kindly for the archive set.

Please retain the current exclusions entered in the system's MBARW Beta7 (v 0.9.16.484).

Hopefully the MBARW developer team is currently investigating or will soon investigate.

Thank you again.
