RussellR

Potential false positive detection


Malwarebytes has just quarantined a file which I believe to be genuine.  Can you please confirm that this is a false positive?  I attach the log file and zipped 'offending' file for examination please.

MBAM ransomware log.txt

Thank you

rosetta_4.06_windows_x86_64.exe.zip

Edited by RussellR
Spelling error.


Wow!  That was quick!

Thank you.

I have just carried out a full rescan as well as a scan of the individual file and this time no problems were reported.


Hi,

I checked the file that was already attached again, but it's still on our whitelist, so you probably don't have the exact same file as the one previously attached. Can you attach your copy of the file please?

Thanks


Also, if you can attach the mbamservice.log, I can see what actually happened.

It is located in this directory:

C:\ProgramData\Malwarebytes\MBAMService\LOGS


Thanks for your messages.  I attach the two files requested.  I note that although I quarantined the file through MBAM it remained in the original directory.  I have not recently updated this program.

I have scanned the file individually and no problems were reported.

rosetta_4.06_windows_x86_64.exe.zip

MBAMSERVICE.LOG

Can I add a supplementary question - probably unrelated?  My boot time has recently increased substantially, from around 30 seconds to over 100.  Not a particular problem, but Wise Care reports that Malwarebytes service is the slowest by far at 54.30 seconds.  Is there a known reason for this please?


Hmm, I am not sure on the boot time. You would have to check with support for that.

I am checking with Dev on this detection. The file wasn't deleted; the process was just killed. It seems like MBAM couldn't check our cloud whitelisting service for an update on the file. This gives it an unknown cloud status, so the process is just killed to be safe.

As a workaround for now, you can add this file to exclusions.


Many thanks, Shadowwar

I had a look at the log before sending it and noted that anomaly, which presumably explains why it only seemed to fail on that one occasion.  I'll refrain from manually whitelisting for the time being and let Malwarebytes do the checks.  I have also used the option to move the file back out of quarantine, though as you say it only appears to have been killed rather than removed on this occasion.

Noted re the boot time

Edited by RussellR


Thanks Shadowwar

I have downloaded the clean up tool as directed, but after reboot did not get a prompt to re-install. I therefore downloaded the file from your website and installed that way.

I do not have the log file ("mb-clean-results.txt") but can attach the reinstall log for your perusal.

A subsequent scan has revealed no issues.

MBAM reinstall log.txt


Keep me posted. It's really tough for us to duplicate the bug, but from your mbamservice log we seem to think this is what is happening: basically a stale cache issue with our cloud in very limited circumstances. An MBAM clean reinstall clears the cache.

Edited by shadowwar


Thanks

I wanted to delete an account I had set up for testing, so booted into my Admin account.

When cleaning/reinstalling Malwarebytes I had used my normal, limited account and accepted the UAC prompt.

Immediately the Admin account was running, I got the prompt asking if I wanted to download and run the installation file and save the log.  So I decided to run the clean up tool again in full Admin mode.  The log is attached in case you still need it.

I'll let you know how things develop :mellow:

mb-clean-results.txt
