Jump to content

Trojan found in Malwarebytes product

cfoster8
 Share

Recommended Posts

dcollins

dcollins

Posted
Posted

I'm 99% sure. These files have been created by us for awhile, and from the logs provided, they are being provided correctly but Defender is flagging them, most likely because we store metadata about different infections in these files (not actual infections, just information).

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted

I merged all the topics together to help keep this information in one place. There's a few things that you can do to help here as well:

  1. In Windows Defender, add an exclusion for C:\ProgramData\Malwarebytes\mbamservice. Since this is the folder we use to store all of our data, and it's protected by our Self-Protection module, you can safely exclude this folder from Defender.
  2. Report this detection to Microsoft using their False Positive page: https://www.microsoft.com/en-us/wdsi/filesubmission. You will need to find one of the sample JSON files in the Defender quarantine to submit.

We are also reaching out to Microsoft with this information, but user reports go a long way for companies in these situations.

Link to post
Share on other sites
exile360

exile360

Posted
Posted
1 hour ago, Tezzle said:

So, I can safely reinstall Malwarebytes?There's nothing to worry about?

Yes, it was a false positive by Microsoft as I suggested earlier.  Microsoft has now confirmed it and have corrected it so users of Windows Defender will no longer see these detections.  The issue was as I speculated, overly aggressive heuristics in their detection signatures.  They were using basic text string detection to flag any file containing a specific known malicious URL.  Since Malwarebytes blocks malicious websites and stores some of the black list information in some of these .JSON files, it means that the Windows Defender signature would flag these files when this string of text was found, misidentifying them as threats when they were just benign data files.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.