False Positive (MachineLearning) - pass-winmenu.exe


Hello,

It appears that Malwarebytes is incorrectly flagging my software as malware.

I have attached a scan report as well as a zip file containing the application. It's an open source application; the source code for the attached release can be found here: https://github.com/Baggykiin/pass-winmenu/tree/v1.7

Would you mind taking a look at it?

scanreport.txt

pass-winmenu.zip


Hi,

This was triggered by our MachineLearning/Heuristic engine, but it has been fixed in the meantime, so this won't be detected anymore.

I can't reproduce detection anymore, so please let me know if this is still an issue.

  • 1 year later...

Hello,

My password safe just got blocked. I know it encrypts all my password files using the GnuPG encryption tool, and that might be a bit confusing for Malwarebytes. Still, I need the application, so it would be very helpful if the false positive detection were no longer a problem. I excluded the specific file, but I cannot verify whether that exclusion applies to this version of the file only, or whether I just created a backdoor to my system by using a file path for the exclusion.

https://www.virustotal.com/gui/file/dd1e0bbe3aad147df358af63383104ab1ce5aac38ffc1ddf721ad37ca5128471/detection

2019-08-23 Malwarebytes report - pass-winmenu false positive.txt

pass-winmenu.zip


Hi,

It looks like this file was only blocked, not deleted or quarantined.
Is there any possibility that you don't have an internet connection on that computer? I ask because making a final determination on the file requires an internet connection. If no internet connection is available, Malwarebytes only blocks the file (because of suspicious behavior), taking the better-safe-than-sorry approach.
So I suggest you temporarily disable the Malwarebytes Antiransomware component from the system tray (right-click the Malwarebytes icon and select the option to disable ransomware protection).

Then reboot, as this unlocks the file again.

After reboot, I suggest that you add an exclusion for this file for the Antiransomware engine.

* To add the exclusion, open Malwarebytes > Settings > Exclusions tab
* Below, click the button: "Add Exclusion"
* Then, select "Exclude a File or Folder" (this should be prechecked already by default)
* Click Next
* You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. In your case: C:\tools\pass-winmenu\pass-winmenu.exe (or alternatively, the folder C:\tools\pass-winmenu\ )
* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already)
* Then click the OK button below.

Then enable Malwarebytes Antiransomware again.

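The question raised earlier in the thread, whether a path-based exclusion ends up trusting whatever sits at that path, can be checked from the Windows side. The PowerShell below is an added example, not part of the thread and not Malwarebytes or pass-winmenu code: it compares the file at the excluded path with the SHA-256 from the VirusTotal link above (assumed to identify the build the poster trusts) and lists principals other than SYSTEM, Administrators and TrustedInstaller that can write to the file or its folder; the function names are hypothetical.

```powershell
# Added example. $Path is the location named in the thread; $ExpectedSha256 is the
# hash from the thread's VirusTotal link, ASSUMED to identify the trusted build.
$Path           = 'C:\tools\pass-winmenu\pass-winmenu.exe'
$ExpectedSha256 = 'dd1e0bbe3aad147df358af63383104ab1ce5aac38ffc1ddf721ad37ca5128471'

# Well-known SIDs treated as trusted writers: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# Access bits that let a principal replace or alter the file: WriteData, AppendData,
# DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership,
# plus GENERIC_ALL and GENERIC_WRITE as they can appear in inherit-only entries.
$WriteMask = 0x500D0046

function Test-ExcludedFileHash {
    param([string]$Path, [string]$ExpectedSha256)
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual -ieq $ExpectedSha256)   # case-insensitive hex comparison
}

function Get-UntrustedWriter {
    param([string]$Path)
    # Check the file and its folder: write access to either one allows a swap.
    foreach ($target in @($Path, (Split-Path -Parent $Path))) {
        $acl   = Get-Acl -LiteralPath $target
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{ Target = $target; Sid = $ace.IdentityReference.Value
                               Rights = $ace.FileSystemRights }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
if (Test-ExcludedFileHash -Path $Path -ExpectedSha256 $ExpectedSha256) {
    Write-Output 'Hash matches the expected build.'
} else {
    Write-Warning 'File at the excluded path does NOT match the expected hash.'
}
$writers = @(Get-UntrustedWriter -Path $Path)
if ($writers.Count -gt 0) {
    Write-Warning 'Principals outside the trusted set can modify the excluded path:'
    $writers | Format-Table -AutoSize
} else { Write-Output 'Only the trusted SIDs can modify the excluded path.' }
```

Any principal listed by `Get-UntrustedWriter` could place a different binary at the excluded path, so the hash check is only meaningful until the next write by one of them.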