
MBAM and settings



Hi everyone. I have a problem with MBAM not remembering my settings for malware exclusions, even though I unmark the files when found and then click Next. The program does acknowledge the files are to be exempt from further scans. This is not working, though. Every scan brings the same files up after the scans. It thinks the files located in System32/Drivers are unknown rootkits, but they're not. I uploaded each and every one to VirusTotal and all were safe. It's got something to do with mismatched signatures, and I'm assuming they're false positives since VirusTotal says they're good. I also did a re-download of the Windows-specific hotfixes that had these files, which took a long time to research. All the files are system files with .sys. So I'm wondering, does this setting to exclude not stick because of rootkit findings? I would really like my exclusion settings to work continually. Thank you for any info on this.



In addition to @pondus's advice...

... there ought to be no reason to have to add legitimate system files, MS hotfixes or drivers to malware exclusions.
In fact, doing so can be dangerous.
Malware exclusions are rarely needed for the average computer user, except perhaps one's AV.

So I strongly suggest following the previous advice to post the requested info in the False Positives forum.
The Research Team will evaluate the data and advise you.



On 9/20/2016 at 6:59 AM, shadowwar said:

Are you using rollback rx?

If so, uninstall it, reboot, then reinstall it. That should fix the unknown rootkit detections.


Thanks to all who replied to this. Sincerely appreciated. This appears to be it; I do have Rollback RX, and so I'll do as suggested. If by chance it doesn't resolve, I'll upload the 7 files to see if they're false positives or not. Thanks so much.


Hi. For whatever it might be worth, I should have mentioned the system drivers involved when trying to get help on this. These were the files that only MBAM found to be unknown rootkits: "mrxsmb.sys, mrxsmb10.sys, mrxsmb20.sys, srv.net, srv2.sys, srvnet.sys", and sometimes ksecdd.sys. Definitely will be uninstalling and reinstalling Rollback RX 10.4.

