Jump to content

Keybase false positive


Recommended Posts

Incidentally, is there a way to back out of the false positive? I have "alert user" set wherever possible, and I got a pop-up saying keybase was going to be blocked - but it went by too fast and now Keybase won't run unless I disable Exploit protection in Malwarebytes. How to I reset it (so I get the pop-up again), or find out where I need to make an exclusion?


For this false positive in particular, it looks like cscript.exe is really what was flagged. Can this be white-listed? Or does that bypass the purpose of programs like MWB?




-Log Details-
Protection Event Date: 9/10/17
Protection Event Time: 10:35 PM
Log File: 14377dfe-96b3-11e7-aba4-00256490a632.json
Administrator: Yes

-Software Information-
Components Version: 1.0.188
Update Package Version: 1.0.2771
License: Premium

-System Information-
OS: Windows 10 (Build 14393.1593)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: keybase
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cscript.exe cscript.exe



Link to post
Share on other sites

  • Staff

Hello Stefanc,


I will want to see some of the logs to see why this is happening. Can you follow the instructions here to collect the logs I will need:




Also, to answer your question, if it is not popping up again, then we may have blocked the process it needed to run and it is not calling it again until our protection is disabled. We won't know if we will be able to exclude it until I get the logs though unfortunately. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.