
False Positive - wfcsetup.exe


mniasfreemag

Hi 

I am getting a false positive for the Windows Firewall Control installation file. I have attached the log files below.

Also, here is the VirusTotal result page: https://www.virustotal.com/#/file/17e84c83e7a7f47d667a9208cbbca5abef7ca203f10700a3f2dc8074e266e1a5/detection

Thanks,

 

dd13d3ff-e138-4ec8-b8b8-8c85254a817c.rar

false positive wfcsetup.rar


Hi...this is still broken.  WFC downloads the updated program to the TEMP directory and tries to install it.  The updated program is currently in my TEMP directory and if I scan it with MBAM it's still flagged and I'm asked if I want to quarantine it.  I've updated MBAM with the latest signatures.   Here's the log file it creates:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/18
Scan Time: 11:48 AM
Log File: fad5c30e-47d6-11e8-9cf6-00224d99367e.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4860
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: ROBWIN\Rob

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 7 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\TEMP\C3D00D14-DEF3-476F-BBFE-E3CB21684130\WFC5SETUP.EXE, No Action By User, [0], [392687],1.0.4860

Physical Sector: 0
(No malicious items detected)


(end)


  • Staff

OK, this should be fixed. I double-checked and it's whitelisted.

If it's still detected on your end, can you try the following?

 

Totally exit/shutdown Malwarebytes.

 

Go to here in explorer:

C:\ProgramData\Malwarebytes\MBAMService

and delete the following file only.

hubblecache

 

It has no extension.

 

Then you can restart mbam and the cache file will rebuild on the next scan.


Thanks but it still failed.  I followed your procedure to delete the Hubblecache file and restarted MBAM.   From the log can you verify that I'm running the latest signatures?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/18
Scan Time: 12:30 PM
Log File: c1a7b866-47dc-11e8-9686-00224d99367e.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4860
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: ROBWIN\Rob

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 8 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\TEMP\C3D00D14-DEF3-476F-BBFE-E3CB21684130\WFC5SETUP.EXE, No Action By User, [0], [392687],1.0.4860

Physical Sector: 0
(No malicious items detected)


(end)

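Added example, not part of any post in this thread: a small parser for the text scan logs posted above that compares a scan with its re-scan, showing which update package each ran on and which detections persist. The function names are made up for illustration, and reading the last field of the detection row as the update package version is an assumption based on it matching the header value in both posted logs.

```python
import re

# Trimmed excerpt of the 11:48 AM scan log posted in this thread.
SCAN_1148 = r"""-Log Details-
Scan Date: 4/24/18
Scan Time: 11:48 AM
-Software Information-
Version: 3.4.5.2467
Update Package Version: 1.0.4860
-Scan Details-
File: 1
MachineLearning/Anomalous.100%, C:\TEMP\C3D00D14-DEF3-476F-BBFE-E3CB21684130\WFC5SETUP.EXE, No Action By User, [0], [392687],1.0.4860
"""
# The 12:30 PM re-scan (after hubblecache was deleted) differs only in its time here.
SCAN_1230 = SCAN_1148.replace("11:48 AM", "12:30 PM")

HEADER = re.compile(r"^([A-Za-z ]+): (.+)$")
# Detection row: name, path, action, then further comma-separated fields.
# Assumes the path itself contains no comma.
DETECTION = re.compile(
    r"^(?P<name>[^,]+/[^,]+), (?P<path>[A-Za-z]:\\[^,]+), (?P<action>[^,]+),(?P<rest>.*)$"
)

def parse_scan(text):
    """Return (header fields, detection rows) from one text scan log."""
    fields, detections = {}, []
    for line in text.splitlines():
        hit = DETECTION.match(line.strip())
        if hit:
            # Assumption: the last field is the package version the row was produced with.
            package = hit["rest"].split(",")[-1].strip()
            detections.append({"name": hit["name"], "path": hit["path"],
                               "action": hit["action"].strip(), "package": package})
        elif (hdr := HEADER.match(line.strip())):
            fields[hdr[1]] = hdr[2]
    return fields, detections

def compare_scans(before, after):
    """Did the re-scan use a newer update package, and which detections persist?"""
    f1, d1 = parse_scan(before)
    f2, d2 = parse_scan(after)
    key = lambda d: (d["name"], d["path"].upper())
    return {
        "package_before": f1["Update Package Version"],
        "package_after": f2["Update Package Version"],
        "package_changed": f1["Update Package Version"] != f2["Update Package Version"],
        "persisting": sorted({key(d) for d in d1} & {key(d) for d in d2}),
    }

if __name__ == "__main__":
    print(compare_scans(SCAN_1148, SCAN_1230))
```

For the two logs above, `package_changed` is false: both scans ran on update package 1.0.4860, and the same detection row appears in each.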

I've got this happening on my own system.  I downloaded wfcsetup to test and I can replicate the detection 100% of the time, even after quitting Malwarebytes and deleting the hubblecache file and then launching MB3 and running another scan.  I've been through this procedure 2 times now with the same result, the file is still being detected.

Attached are copies of my most recent scan log and my latest hubblecache file.

Let me know if there's anything else you want me to try.

WFC FP.zip
