Jump to content
peteyt

SlimDrivers PUP and exclusion issue

Recommended Posts

I use SlimDrivers which Malwarebytes classes as a PUP. I want Malwarebytes to exclude it from detections. I have placed the whole program folder as an exclusion e.g. the programs folder in C:\Program Files (x86)

The problem is that malwarebytes ignores this exclusion when running a full system scan. Not only does it ignore it every file to do with SlimDrivers gets flagged on the scan e.g. every file inside the program folder and any others in any other location. As there are quite a few files inside the program folder it makes it look like its found lots of threats. If the whole folder is an exclusion why is it doing this?

Thanks

Share this post


Link to post
Share on other sites

If you are sure you want to keep this PUP on your system, then exclude the folders as you already have done. Next run a scan and wait for the scan to finish and the items are detected. Once that is done Uncheck all items that were detected and click on (Quarantine Selected) and on the next window that pops up click on Ignore Always.  That should take care of it.

Edited by Firefox

Share this post


Link to post
Share on other sites
4 hours ago, Firefox said:

If you are sure you want to keep this PUP on your system, then exclude the folders as you already have done. Next run a scan and wait for the scan to finish and the items are detected. Once that is done Uncheck all items that were detected and click on (Quarantine Selected) and on the next window that pops up click on Ignore Always.  That should take care of it.

Thanks for the help just running a scan now but is this a bug? Surely if a folder is added to exclusions it should ignore it on a scan. I updated the component package before the scan after noticing this "Fixed a number of issues with Exclusions, including Scan Exclusions not working correctly for all trace detections," but that didn't make any odds. Never had any exclusion issues before in the past.

Share this post


Link to post
Share on other sites

I'd like to add its finding well over a thousand threats the problem being ignoring all these will take up a lot of room in exclusions. It should just allow me to exclude a specific folder and anything else inside that folder

Share this post


Link to post
Share on other sites
1 minute ago, peteyt said:

I'd like to add its finding well over a thousand threats the problem being ignoring all these will take up a lot of room in exclusions. It should just allow me to exclude a specific folder and anything else inside that folder

In that case you might want to disable PUPs detection entirely. If you're careful with installs PUPs shouldn't be a problem.

Share this post


Link to post
Share on other sites
Just now, Telos said:

In that case you might want to disable PUPs detection entirely. If you're careful with installs PUPs shouldn't be a problem.

But that won't fix the issue for anyone else. This isn't for multiple pups basically malwarebytes is ignoring an exclusion for a pups folder and classing everything in that folder as a pup. Is there anywhere i can submit this as a bug?

Share this post


Link to post
Share on other sites
2 minutes ago, peteyt said:

Is there anywhere i can submit this as a bug?

This would be the place. But you'll be asked to supply FRST logs so the developers can better understand your system.

 

Share this post


Link to post
Share on other sites

We will have to wait on someone from staff to reply as to weather this is still a but or not, currently the only way to avoid your software from being detected is to follow the instructions I provided above.  There are some items that are probably being detected that are either not in the same folder and some of them could be registry settings for the program.

If you feel its a false positive you can report it in the False Positives section and see what the team replies there (however I am afraid the reply will be that its not a false positive).

Share this post


Link to post
Share on other sites
35 minutes ago, Firefox said:

We will have to wait on someone from staff to reply as to weather this is still a but or not, currently the only way to avoid your software from being detected is to follow the instructions I provided above.  There are some items that are probably being detected that are either not in the same folder and some of them could be registry settings for the program.

If you feel its a false positive you can report it in the False Positives section and see what the team replies there (however I am afraid the reply will be that its not a false positive).

Things are being found in the app data folder as well as the program folder and also start menu folder but whatever folders i exclude it seems to ignore and seems to flag evey file. The problem is there are lots of files in the program folder so lots of files get flagged. I will try to get a screenshot next time i can get on the pc

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.