False Positive in Anti Ransomware.


Hi, I'm from Norway, and have a problem. The folder and its content: "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6965.2058\OfficeClickToRun.exe" is completely removed by Anti Ransomware.

1. How to restore this .exe file? In the "MBARW GUI Dashboard -> Exclusions:", there are NO options to do that in the GUI, or elsewhere.

2. And in the "Quarantine" there are NO files, or anything else for that matter. So there is nothing to restore? But all the files are removed? What to do?




Hello Svein, and welcome:

Using the Windows built-in zip utility, please create the following 2, separate, zipped archives for MBARW developer team analysis:

1. Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
2. Create a separate .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the 2 zipped archives to your next reply.  Thank you for your beta testing contribution to the MBARW project and your valued feedback.


Hello Svein:

Thank you for the posted archives, and while they are being analyzed, you may wish to try using the following Microsoft based procedure to repair your system's Office installation.

How to Repair an Office application:

  1. Please consider producing a hard copy of the procedure within Repair an Office application.
  2. Restart the computer in question into the Windows Normal mode and terminate unnecessary applications.
  3. Follow Microsoft's procedure within step 1.
  4. Again, restart the system into Windows Normal mode.
  5. Confirm the previously missing file has been restored.

Please reply to this topic with the status of your system.  Again, thank you for beta testing MBARW and your valued feedback.


Hello Svein:

Available data strongly suggests a false positive, and if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW Beta7's GUI Dashboard -> Exclusions:

   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.7070.2026\OfficeClickToRun.exe

Reference: https://www.virustotal.com/en/file/d69132d2bc6dc6f17f77ebd7d51e4e9169350797866df9ab06a4e37c11a892d4/analysis/ Signed.

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you.

Edited by 1PW
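
The exclusion suggested above rests on two facts, the VirusTotal report and the file being signed. The PowerShell below is an added example, not part of the thread or of MBARW, showing one way to confirm both for the file actually on disk before excluding it. It assumes the SHA-256 in the VirusTotal link belongs to the file at the quoted path and that the expected publisher is Microsoft Corporation; the function name `Test-ExclusionCandidate` is hypothetical.

```powershell
# Added example (not from the thread): check a file before excluding it.
param(
    # Path and SHA-256 are the ones quoted in the post above.
    [string]$Path = 'C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.7070.2026\OfficeClickToRun.exe',
    [string]$ExpectedSha256 = 'd69132d2bc6dc6f17f77ebd7d51e4e9169350797866df9ab06a4e37c11a892d4',
    # Assumption: publisher expected in the signing certificate subject.
    [string]$ExpectedSigner = 'O=Microsoft Corporation'
)

function Test-ExclusionCandidate {
    param([string]$Path, [string]$ExpectedSha256, [string]$ExpectedSigner)

    $result = [ordered]@{
        Path          = $Path
        Exists        = Test-Path -LiteralPath $Path -PathType Leaf
        HashMatches   = $false
        SigStatus     = 'NotChecked'
        Signer        = $null
        SafeToExclude = $false
    }
    # A missing file cannot be verified, so it is never marked safe.
    if (-not $result.Exists) { return [pscustomobject]$result }

    # Compare the on-disk hash with the one the report was made for.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $result.HashMatches = ($actual -eq $ExpectedSha256)

    # Validate the Authenticode signature and record who signed the file.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SigStatus = [string]$sig.Status
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    # All three checks must pass: hash, valid signature, expected publisher.
    $signerOk = $result.Signer -and $result.Signer.Contains($ExpectedSigner)
    $result.SafeToExclude = $result.HashMatches -and ($sig.Status -eq 'Valid') -and $signerOk
    return [pscustomobject]$result
}

Test-ExclusionCandidate -Path $Path -ExpectedSha256 $ExpectedSha256 -ExpectedSigner $ExpectedSigner |
    Format-List
```

If `HashMatches` is false, the VirusTotal report does not cover the file on disk, and the signature result is the only evidence left for that build.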