Jump to content
ceravis

MacType.dll flagged even after adding to exclusions

Recommended Posts

This is a desired, open-source program: https://github.com/snowie2000/mactype

This file continues to be quarantined (after I manually remove it from quarantine) when it tries to load on each reboot, even though I've added it to the exclusions, and even though I've disabled the "automatic quarantine" option in Settings -> Protection.

Please help! :D

 

mactype.dll.txt

MacType.dll.zip

Share this post


Link to post
Share on other sites

Hi,

This is triggered by the Anti Exploit component in Malwarebytes. I'll report this to the correct team so they can have a look.

So exclusions don't work either? Can you try to add the file manually to exclusions? This can be done via settings > Exclusions tab.

There, click Add Exclusion > Exclude a previously Detected Exploit.

Please let me know if that worked as a temporary workaround.

Thanks!

 

Share this post


Link to post
Share on other sites

Thanks for your quick response, and sorry for my delay ;)

I made multiple exclusion attempts: I manually added the individual DLL file by name, as well as the parent folder, and the file hash from the previous detections.  In each instance after rebooting, the file was quarantined again.

Note that the file is only quarantined on Windows startup when the program attempts to load the DLL hooks, so my temporary workaround for now is: remove from quarantine, restart the program, and don't reboot ;)

 

 

Share this post


Link to post
Share on other sites

Thanks again for your quick reply -- sorry again for my late reply ;)

I've attached the mbae-default.log found in C:\ProgramData\Malwarebytes\MBAMService -- is this the one you're looking for?

I don't know if it's obvious from my log files, but I'm using Malwarebytes 3.0.5.1299 if that helps...

mbae-default.log

Edited by ceravis
noted version number

Share this post


Link to post
Share on other sites

The log has been cycled and doesn't show the block information any more. Can you please try to repro again and post a fresh mbae-default.log?

Also, I added this to the global exclusion, so you might not be able to repro it again.

 

Share this post


Link to post
Share on other sites

Can't reproduce now, the DLL stays in place upon reboot -- your exclusion worked!  Wonder why my previous exclusion attempts on this end didn't work... but v3 is new, I expect some kinks remain to be worked out.

Thanks again Mieke and Pedro for your help!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.