False Positives and Non Detection

[JohnSand15]

Hello all,

I wanted to make everyone aware of an issue that we have while participating in the open beta. Our first issue that we have run into is a false positive on malware\ransomware where the software identified one of our applications (authenticat.exe) as a ransom agent. This false positive is in actuality an application that is installed via group policy by us. It authenticates the end user to our M86 web filter and authorizes traffic restrictions and freedoms for web browsing.

On the other hand, when the software was needed it had unfortunately missed a rather bad case of ransomware that was spread throughout our file server. The file rename scheme was named batman@aol.com_xtbl. It encrypted files with a .xtbl extension. Our backups made quick work of it, I just wanted to make you all aware of one that slipped through the cracks.

 

I really appreciate all your hard work in this venture. Thanks for having an open beta of this software. We will continue to participate in the open beta and I will share any more information I have. Thanks!

[1PW]

Hello JohnSand15 and

Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.  Thank you for beta testing MBARW and your feedback.