Jump to content

What happens to the quarantined threats whenever it is later discovered as a false positive?

Recommended Posts


What happens to the quarantined items whenever it is later discovered that the threats are false positive? Are they automatically restored or will they stay in the quarantined folder whenever Malwarebytes is updated?


Link to post
Share on other sites

Hi, @cgh:

@Aura is correct both here and in your other topic.

Just to add, however, your other post suggests that you are running MBAM-Business in a work environment?

If so, please note that the Business product does differ in some aspects from the Consumer version towards which this particular forum area is targeted.

There is a dedicated team of Business Help Desk members who can assist you directly and privately, via email.
There is a special forum area for MBAM-Business HERE.
You may wish instead to open a ticket directly with the Business Help Desk HERE.  Many business customers prefer that approach, rather than posting potentially sensitive business information in a public forum.
The Business Help Desk will be happy to help you with restoring possible false positive items in quarantine, etc.

Just a suggestion,


Edited by daledoc1
Link to post
Share on other sites

You are supposed to check whenever Malwarebytes quarantine something (either in real-time protection or following a scan). From there if you think an item it quarantined is a false positive, you can report it in the section linked above. Usually users notice these rapidly. 

If you want that feature to be added, you can suggest it in the Suggestion section (I think you are already familiar with this section).

Also about the "Do you hear yourself?". I don't work for Malwarebytes nor do I control anything regarding their programs, I'm merely answering questions regarding how it works, so if you don't like my answers, I would ask you to not speak to me like I have control over these things because I don't. I'm merely a volunteer.

Thank you.

Link to post
Share on other sites


was suggesting that this is a general normal procedure; I would have expected you to express, somehow, disagreement with such approach.

Well this is a general normal procedure in the case of Malwarebytes, and seeing that I have no problem with that approach, I think I worded my answer in a perfectly fine way.

I don't think other Antimalware like Zemana and HitmanPro have that feature as well. I could check tonight to make sure.

Link to post
Share on other sites

1 hour ago, olduser said:

What about MBA automatically scanning the quarantine after each update, eh??? (like ESET does)

The thing to remember here is that you are comparing an Antimalware product with an Antivirus product.  MBAM is NOT an antivirus product hence it operates differently than an Antivirus product.

As @Aura already mentioned, if you want something added you are always welcomed to suggested in the appropriate section. He also mentioned, most folks know pretty quickly if something was removed from their computers and it was a false positive.

Link to post
Share on other sites

  • Root Admin

Yes, the suggestion is good. However, a manual review with any product is a recommended good practice. It would not matter if the product rescanned quarantine every single update as it could still be a false positive for days, weeks, months if your machine was the only one with that file and no one else reported it either. Automation is great, but it should not always replace the human mind.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.