Jump to content

Another false positive on Linux on Windows Subsystem


Anarelion

Recommended Posts

Every single time I try to upgrade my linux subsystem, I get some random file blocked from execution (dash this time) and boom, Linux subsystem is broken till I uninstall and reinstall.

I get that executing a bash/dash/any shell is dangerous, but is there a way to detect that they are running under the Linux subsystem and check what they do, not what they are?

Malwarebytes has helped me in the past, so far has been a trustworthy company, but security shouldn't kill usabilty. I should be the one to decide about security tradeoffs.

Please, if a shell executable is being run, allow me to decide if I allow it or not before blocking, also allowing browsing what is being executed would be a plus for expert users.
Bonus points if you automatically whitelist any ubuntu shell (they are supposed to be crypto signed).

Edited by Anarelion
more precise meaning
Link to post
Share on other sites

This is the error in malwarebytes and in my shell.

image.png.820c284e4d5a52bdbfda7648bd85dfa7.png

 

image.thumb.png.2ffb89669561adc73cb765b37a07f62b.png

 

I don't think its about having a repro or not, I think that these are common binaries used by malware and ransomware. My point is that I would like to have a choice whether I allow its execution or not, show me the arguments and any file involved and let me choose.

Security is about tradeoffs, I would like to have some setting to allow me to choose.

Link to post
Share on other sites

  • 1 month later...

Hello All,

A fix for Linux subsystem issues has been released in our ARW standalone release this week. This will be incorporated into the Malwarebytes Premium in the next Premium release which is slated for the end of March 2018. For now, if you would like to try out the fix on the standalone ARW product, it can be downloaded from https://forums.malwarebytes.com/topic/211708-latest-version-mbarw-beta-09-v-0918807-download/

Sincere apologies for the delay

Link to post
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.