Jump to content

SEP giving false positives?


Recommended Posts

Hi all,

So we run Malwarebytes Management Console v1.5.0.2701 pushing out the Malwarebytes Managed Client to our workstations. Our workstations our also running SEP (Symantec Endpoint Protection). Occasionally i get an email alert of SEP detecting a virus/malware on a workstation so i investigate, here is an example from Wednesday.

The email alert was for Trojan.Cryptolocker on Tempxyz123 machine. The file name was 00010503.tmp, now the strange thing is it was detected in "c:\program files (x86)\malwarebytes' anti-malware\", so the full folder file path was "c:\program files (x86)\malwarebytes' anti-malware\00010503.tmp".

Next i checked MBAM log files and found no alerts of the virus being found, i also checked that folder and did not find the file, i did turn on hidden files and system files, and it still was not there, also performed a search.

I matched up her browsing history on all browsers to the time, even 90% of the entire day, all sites were safe, it was not many and mostly internal sites of ours.

My only guess was MBAM was performing definition updates, this file is or could be part of the definition updates and SEP detected it and reporting it (false positive). However i did check log files of when definition updates were done, and none of them matched up to the times around when virus was found. 

The workstation is running Windows 7 Pro, 6GB of DDR3, MBAM and SEP, latest versions. 

Any ideas? 
I get can screenshots, log files, anything that is needed. Would like to figure this out as I have other email alerts in the past of this, however they were different virus'. I suppose the easy way out would be to whitelist the Malwarebytes folder, but was hoping to get a little insight on this .tmp file though and background of this. 

 

Thank you all!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.