MBAM and settings

[plb4333]

Hi everyone. I have a problem with MBAM not remembering my settings for malware exclusions. Even tho I Un-mark the files when found and then clicking Next. The program does acknowledge the files are to be exempt from further scans. This is not working tho. Every scan brings the same files up after the scans. It thinks the files located in System32/Drivers are unknown rootkits, but they're not. I uploaded each one and all to virustotal and all were safe. Got something to do with mismatched signatures and I'm assuming they're False-Positives sunce virustotal says they're good. I also did a re-download of windows specific hotfixes that had these files, which took a long time to research. All the files are system files with .sys. So I'm wondering, does this setting to exclude not stick because of rootkit findings? I would really like my settings to excluding work continually. Thank you for any info on this.

[pondus]

report False Positives here > https://forums.malwarebytes.org/forum/122-false-positives/

also post malwarebytes scan log and link to virustotal scan result

Edited September 18, 2016 by pondus

[daledoc1]

Hi:

In addition to @pondus's advice...

... there ought to be no reason to have to add legitimate system files, MS hotfixes or drivers to malware exclusions.
In fact, doing so can be dangerous.
Malware exclusions are rarely needed for the average computer user, except perhaps one's AV.

So I strongly suggest following the previous advice to post the requested info in the False Positives forum.
The Research Team will evaluate the data and advise you.

Thanks,

[shadowwar]

Are you using rollback rx?

If so uninstall it reboot then reinstall it. That should fix the unknown rootkit detections.

 

[plb4333]

On 9/20/2016 at 6:59 AM, shadowwar said:

Are you using rollback rx?

If so uninstall it reboot then reinstall it. That should fix the unknown rootkit detections.

 

Thanks to all who replied to this. Sincerely appreciated. This appears to be it, I do have Rollback RX and so I'll do as suggested. If by chance it doesn't resolve, I'll upload the 7 files to see if False-Positives or not. Thanks so much.

[plb4333]

Hi. For whatever it might be worth, I should of mentioned the system drivers involved when trying to get help on this. These were the files that only MBAM found to be unknown rootkits. '' mrxsmb.sys, mrxsmb10.sys, mrxsmb20.sys, srv.net, srv2.sys, srvnet.sys ", and sometimes ksecdd.sys  Definitely will be uninstalling and reinstalling Rollback RX 10.4

 

[shadowwar]

Yeah these are false positives with the way rollback rx protects files. It kinda uses rootkit style protections.