3.2 still has problems with exceptions

[frozen]

As I posted here with 3.1.2 I had a frustrating time with MBam automtically quarantining updates to Nirsoft package of utilities. These utilities are stored on a non C: drive. Well upgraded to 3.2 and the exclusion issue is still there

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/29/17
Protection Event Time: 10:28 AM
Log File: ada67b50-8cce-11e7-b3e3-00ff486c33ab.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2682
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
PUP.Optional.StartUpManager, E:\Downloads\Nasty Fixes\wscc\NirSoft Utils\strun.exe, Quarantined, [7060], [86117],1.0.2682

(end)

I have the following folder exclusions set for Exclusion from protection of Malware or PUPs:

E:\Downloads\Nasty Fixes\NirSoft 

E:\Downloads\Nasty Fixes\wscc

E:\Downloads\Nasty Fixes\wscc\NirSoft Utils

Why is it that 3.2 is behaving the exact same way with exclusions? I regularly update these utils using the wscc free util and every time I do it I have try to restore these items from quaratine. Sometimes this restoration is not possible since MBam insists on making me reboot the computer.

 

[Porthos]

3 minutes ago, frozen said:

These utilities are stored on a non C: drive.

That is still an issue as far as I know.  @dcollins

[frozen]

Just now, Porthos said:

That is still an issue as far as I know.  @dcollins

So if I move this over to C: drive I will have no issue because even 3.1 had issues with the folder being on C: drive and i put up with it.

[Porthos]

Let's wait for confirmation from staff. But make a copy and try it.

[Firefox]

17 minutes ago, frozen said:

PUP.Optional.StartUpManager, E:\Downloads\Nasty Fixes\wscc\NirSoft Utils\strun.exe, Quarantined, [7060], [86117],1.0.2682

Is this the old StartupRun from Nirsoft?  That program is obsolete, and you should now be using WhatInStartup...  Does this detection happen with all Nirsoft tools?

[frozen]

6 minutes ago, Porthos said:

That is still an issue as far as I know.  @dcollins

So if I move this over to C: drive I will have no issue because even 3.1 had issues with the folder being on C: drive and i put up with it.

 

No its not just one Nirsoft app its a series of apps from Nirsoft. I update all of them. This round it was Strun.exe, IEHV.exe and WirelessNetView.exe if they are downloaded to a directory that is not on C: drive then the exclusions in MBam are useless. I moved the folder where I stored them over to C: drive and deleted these same utils and after excluding this new C: folder in MBam the update of these 3 utils downloaded file. 

 

[dcollins]

This exclusion issue was not fixed in the 3.2 release unfortunately. So yes, moving the utility to the C: drive should resolve it for now

[Firefox]

What type of exclusion did you add?  I only mention this as I am not getting any detections with mine and they are located in J: Drive....

Here is how I have mine excluded: