
Company software being reported as Malware.Exploit.Agent.Generic


Aero98

I am a Senior technician for a la mode technologies, llc. and we are getting reports that one of the files in our software is getting marked as a virus on our customers' machines by Malwarebytes. This is causing issues for both our customers and for us, and we would like to have this file scanned and removed from the virus detection to prevent further disruption to our customers' work.

Thank you,
Jason Krise
Senior Tech.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/13/17
Protection Event Time: 11:43 AM
Log File: aee63d22-b035-11e7-8f15-d8cb8a4f7edc.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3005
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload from UNC blocked
File Name: \\ka08\total program share\WinTOTAL.exe
URL:

 

(end)

Malwarebytes false positive.txt

WinTOTAL.zip


  • Staff

Hi,

We will look into this, thanks for reporting.

As a temporary measure, please add this one to your exclusions.

To do so:

  1. Click on the Settings tab in the left pane.
  2. Click on the Exclusions tab.
  3. Click the Add Exclusion button.
  4. Select: Exclude a Previously Detected Exploit from the Exclusion type window.
  5. Click the Select button.
  6. Choose the detected exploit from the Add Exclusion pop up. Click OK.
  7. Enter the name of the associated application and click OK.


Small note, there might be a problem with adding an exclusion for a UNC path though.


  • Staff

Unfortunately, you cannot exclude by MD5 for files executed through UNC.

The workaround is to go to MB3 Protection settings, advanced anti-exploit settings, and disable the UNC LoadLibrary technique. This technique is disabled by default in our corporate products, so this problem should only appear in the consumer builds of Malwarebytes.

 

 


On 10/14/2017 at 11:41 AM, pbust said:

Unfortunately, you cannot exclude by MD5 for files executed through UNC.

The workaround is to go to MB3 Protection settings, advanced anti-exploit settings, and disable the UNC LoadLibrary technique. This technique is disabled by default in our corporate products, so this problem should only appear in the consumer builds of Malwarebytes.

 

 

That will be problematic for us as our server installs run the client executable through a UNC path on their local host machine. This is not something that can be changed.
